CVE-2013-3398

{"id": "CVE-2013-3398", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-06-26T21:55:04.360", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3398", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance provides different responses to requests for arbitrary pathnames depending on whether the pathname exists, which allows remote attackers to enumerate directories and files via a series of crafted requests, aka Bug ID CSCuh64574."}, {"lang": "es", "value": "El framework we en Cisco Prime Central para Hosted Collaboration Solution (HCS) Assurance ofrece distintas respuestas para peticiones de nombres de rutas arbitrarios dependiendo de si el nombre de ruta existe, lo que permite a atacantes remotos listar los directorios y archivos a trav\u00e9s de una serie de peticiones manipuladas. Aka Bug ID CSCuh64574."}], "lastModified": "2013-06-27T22:41:43.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_central_for_hosted_collaboration_solution:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "402BF925-7B58-4DF2-9565-DF6680666F46"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}