N/A

The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885.

N/A

N/A

Cisco Unified MeetingPlace Application Server 网页服务器安全漏洞

Cisco Unified MeetingPlace是美国思科（Cisco）公司的一套多媒体会议解决方案。该方案提供了将语音、视频和Web会议集成在一起的用户环境。 Cisco Unified MeetingPlace Application Server 7.1MR1 Patch 2之前的7.x版本，8.0MR1 Patch 1之前的8.0版本，8.5MR3 Patch 1之前的8.5版本中的web服务器存在漏洞，该漏洞源于程序未使已注销会话无效。通过会话cookie，远程攻击者可利用该漏洞劫持会话。

N/A

N/A