The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379.
AV:N/AC:L/Au:N/C:N/I:C/A:NCisco Unified Customer Voice Portal
APPCisco3.03.6\(10\)4.04.0\(2\)4.17.07.0\(2\)8.0\(1\)8.5\(1\)9.0≤ 9.0\(1\)
Related vulnerabilities
A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (C...
A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Cust...
A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unau...
A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset funct...
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 doe...