CVE-2013-3983: Input Validation
First published: Fri Feb 14 2014(Updated: )
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HCL Sametime | =8.5.2.0 | |
| HCL Sametime | =8.5.2.1 | |
| HCL Sametime | =9.0.0.0 | |
| HCL Sametime | =9.0.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-3983?
CVE-2013-3983 is classified as having unspecified severity, indicating potential risks related to URL validation in redirects.
How do I fix CVE-2013-3983?
To fix CVE-2013-3983, it is recommended to update to the latest version of IBM Sametime that addresses this vulnerability.
What versions of IBM Sametime are affected by CVE-2013-3983?
CVE-2013-3983 affects IBM Sametime versions 8.5.2.0, 8.5.2.1, 9.0.0.0, and 9.0.0.1.
What vulnerabilities are associated with CVE-2013-3983?
CVE-2013-3983 is associated with security issues related to insufficient URL validation in Cookie headers.
Can CVE-2013-3983 be exploited remotely?
Yes, CVE-2013-3983 has remote attack vectors due to the lack of validation in redirects.
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/hcl sametime
- version/hcl sametime/8.5.2.0
- version/hcl sametime/8.5.2.1
- version/hcl sametime/9.0.0.0
- version/hcl sametime/9.0.0.1