CVE-2013-1221
First published: Thu May 09 2013(Updated: )
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Customer Voice Portal | <=9.0\(1\) | |
| Cisco Unified Customer Voice Portal | =3.0-sr1 | |
| Cisco Unified Customer Voice Portal | =3.0-sr2 | |
| Cisco Unified Customer Voice Portal | =3.6\(10\)-es01 | |
| Cisco Unified Customer Voice Portal | =4.0 | |
| Cisco Unified Customer Voice Portal | =4.0\(2\) | |
| Cisco Unified Customer Voice Portal | =4.0\(2\)-sr1 | |
| Cisco Unified Customer Voice Portal | =4.1 | |
| Cisco Unified Customer Voice Portal | =7.0 | |
| Cisco Unified Customer Voice Portal | =7.0\(2\) | |
| Cisco Unified Customer Voice Portal | =8.0\(1\) | |
| Cisco Unified Customer Voice Portal | =8.5\(1\) | |
| Cisco Unified Customer Voice Portal | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-1221?
CVE-2013-1221 is classified as a critical vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2013-1221?
To fix CVE-2013-1221, upgrade to Cisco Unified Customer Voice Portal Software version 9.0.1 ES 11 or later.
Which versions of Cisco Unified Customer Voice Portal are affected by CVE-2013-1221?
CVE-2013-1221 affects multiple versions, including versions up to 9.0(1), 3.0-sr1, 3.0-sr2, and others.
What does CVE-2013-1221 exploit in Cisco Unified Customer Voice Portal?
CVE-2013-1221 exploits improper configuration of Tomcat components in Cisco Unified Customer Voice Portal.
Can CVE-2013-1221 be exploited remotely?
Yes, CVE-2013-1221 can be exploited remotely through crafted HTTP or HTTPS requests.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/cisco
- canonical/cisco unified customer voice portal
- version/cisco unified customer voice portal/9.0\(1\)
- version/cisco unified customer voice portal/3.0-sr1
- version/cisco unified customer voice portal/3.0-sr2
- version/cisco unified customer voice portal/3.6\(10\)-es01
- version/cisco unified customer voice portal/4.0
- version/cisco unified customer voice portal/4.0\(2\)
- version/cisco unified customer voice portal/4.0\(2\)-sr1
- version/cisco unified customer voice portal/4.1
- version/cisco unified customer voice portal/7.0
- version/cisco unified customer voice portal/7.0\(2\)
- version/cisco unified customer voice portal/8.0\(1\)
- version/cisco unified customer voice portal/8.5\(1\)
- version/cisco unified customer voice portal/9.0