CVE-2014-3302 Information

Description

user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption which allows remote attackers to obtain sensitive information via a crafted URL aka Bug ID CSCuj81708.

Reference

http://secunia.com/advisories/58624 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3302 http://tools.cisco.com/security/center/viewAlert.x?alertId=35050 http://www.securityfocus.com/bid/68904 http://www.securitytracker.com/id/1030646 https://exchange.xforce.ibmcloud.com/vulnerabilities/94892