AOH :: Cisco :: TB11026.HTM

AOH :: Cisco :: TB11026.HTM
Cisco CallManager 4.1 Input Validation Vulnerability

Cisco CallManager 4.1 Input Validation Vulnerability Cisco CallManager 4.1 Input Validation Vulnerability


Cisco CallManager 4.1 Input Validation Vulnerability

scip AG Vulnerability ID 2977 (03/13/2007)
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2977 

I. INTRODUCTION

Cisco CallManager, short CCM, is a professional voice-over-IP solution
that tracks active components, including among others phones, gateways,
conference bridges, transcoding resources and voicemail boxes.

II. DESCRIPTION

Marc Ruef and Stefan Friedli found a web-based vulnerability that was
identified in Cisco CallManager 4.1 and may affect earlier versions as well.

The web interface of the application fails to properly santisize data
supplied by the search-form before displaying it back to the user.
Though several filters are in place to prevent the injection of 



The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2009 AOH

We do not send spam.  If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.