Cisco Jabber Guest Server HTTP URL Redirection Vulnerability

Title:

Cisco Jabber Guest Server HTTP URL Redirection Vulnerability

Release Date:

Dec. 21, 2016

Patch Date:

Dec. 21, 2016

Vendor:

Cisco

Systems Affected:

Cisco Jabber Guest Server

Summary:

A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts.

Vendor Status:

We worked with Cisco to patch the affected application. A further write-up can be found here.

References:

Researcher(s):

  • Jake Miller of Bishop Fox