Sensitive Information Disclosure in Cisco Jabber Guest Server using HTML5
CVE-2014-8025

Currently unrated

Key Information:

Vendor: Cisco
Status: Jabber Guest
Vendor: CVE Published:; 23 December 2014

Summary

The Guest Server in Cisco Jabber, when utilizing HTML5, is susceptible to a vulnerability that enables remote attackers to potentially access sensitive data through network sniffing during HTTP GET or POST operations. This occurs when the API processes responses, allowing malicious entities to exploit this weakness and intercept data transmitted over the network.

References

http://www.securitytracker.com/id/1031422

vdb-entryx_refsource_SECTRACK

https://tools.cisco.com/security/center/viewAlert.x?alert...

vendor-advisoryx_refsource_CISCO

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Dec 23, 2014
Vulnerability Reserved
Oct 8, 2014