PT-2013-2936 · Cisco · Cisco Unified Meetingplace Application Server

Published: 2013-04-11 · Updated: 2013-04-15 · CVE-2013-1168

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Unified MeetingPlace Application Server versions 7.0 through 7.1MR1 Patch 1
Cisco Unified MeetingPlace Application Server versions 8.0 through 8.0MR1 Patch 0
Cisco Unified MeetingPlace Application Server versions 8.0 through 8.5MR2 Patch 9, and 8.5 before 8.5MR3 Patch 1

Simplified, the affected ranges are:

Cisco Unified MeetingPlace Application Server versions 7.0 through 7.1MR1 Patch 1
Cisco Unified MeetingPlace Application Server versions 8.0 through 8.0MR1 Patch 0
Cisco Unified MeetingPlace Application Server versions 8.5 through 8.5MR2

Description

The web server in Cisco Unified MeetingPlace Application Server does not invalidate a session upon a logout action, making it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie.

Recommendations

For Cisco Unified MeetingPlace Application Server versions 7.0 through 7.1MR1 Patch 1, update to version 7.1MR1 Patch 2 or later.
For Cisco Unified MeetingPlace Application Server versions 8.0 through 8.0MR1 Patch 0, update to version 8.0MR1 Patch 1 or later.
For Cisco Unified MeetingPlace Application Server versions 8.5 through 8.5MR2, update to version 8.5MR3 Patch 1 or later.

Related Identifiers

CVE-2013-1168

Affected Products

Cisco Unified Meetingplace Application Server