Cisco Unified MeetingPlace Web Conferencing SQL注入和缓冲区

发布日期：2012-10-31
更新日期：2012-11-03

受影响系统：
Cisco Unified MeetingPlace Web Conferencing 7.0
Cisco Unified MeetingPlace Web Conferencing 6.0.517 .0
Cisco Unified MeetingPlace Web Conferencing 6.0
描述：
--------------------------------------------------------------------------------
BUGTRAQ  ID: 56349
CVE ID: CVE-2012-5416

Cisco Unified MeetingPlace会议解决方案允许组织承办集成语音、视频和Web会议。

Cisco Unified MeetingPlace Web Conferencing在实现上存在安全漏洞，利用这些漏洞可允许攻击者访问或修改数据、利用下层数据库内的其他漏洞等。

<*来源：Daniel Mende
 
  链接：http://secunia.com/advisories/51103/
        Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing  Ad
*>

建议：
--------------------------------------------------------------------------------
厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-20121031-mp）以及相应补丁:
cisco-sa-20121031-mp：Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing
链接：Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing  Ad

补丁下载：