Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Cisco :: tb11026.htm

Cisco CallManager 4.1 Input Validation Vulnerability



Cisco CallManager 4.1 Input Validation Vulnerability
Cisco CallManager 4.1 Input Validation Vulnerability



Cisco CallManager 4.1 Input Validation Vulnerability

scip AG Vulnerability ID 2977 (03/13/2007)
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2977 

I. INTRODUCTION

Cisco CallManager, short CCM, is a professional voice-over-IP solution
that tracks active components, including among others phones, gateways,
conference bridges, transcoding resources and voicemail boxes.

II. DESCRIPTION

Marc Ruef and Stefan Friedli found a web-based vulnerability that was
identified in Cisco CallManager 4.1 and may affect earlier versions as well.

The web interface of the application fails to properly santisize data
supplied by the search-form before displaying it back to the user.
Though several filters are in place to prevent the injection of 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH