CVE-2013-3425

Name of the Vulnerable Software and Affected Versions Cisco WebEx version 11

Description The issue allows remote authenticated users to enumerate files by analyzing different error messages generated for invalid file-access attempts. This is possible due to the Meeting Center component in Cisco WebEx generating distinct error messages based on whether a file exists.

Recommendations For Cisco WebEx version 11, consider restricting access to the Meeting Center component until a fix is available. As a temporary workaround, limit the ability of remote authenticated users to make file-access attempts to minimize the risk of file enumeration.