CVE-2014-8025: Infoleak
First published: Tue Dec 23 2014(Updated: )
The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Jabber |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-8025?
CVE-2014-8025 is rated as a medium severity vulnerability.
How do I fix CVE-2014-8025?
To mitigate CVE-2014-8025, ensure that network communications are encrypted, ideally using HTTPS.
What type of attacks can CVE-2014-8025 lead to?
CVE-2014-8025 can lead to sensitive information disclosure through network sniffing.
Which products are affected by CVE-2014-8025?
CVE-2014-8025 affects the Cisco Jabber Guest API when HTML5 is used.
What information can be exposed due to CVE-2014-8025?
CVE-2014-8025 can expose sensitive information sent over HTTP GET or POST requests.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco jabber