Preview Tool

Cisco Bug: CSCsz68286 - UCM Security Issue: Cookie Initialization and Attributes

Last Modified

Jan 30, 2017

Products (8)

  • Cisco Unified Communications Manager (CallManager)
  • Cisco Business Edition 5000 Version 8.6
  • Cisco Intercompany Media Engine
  • Cisco Business Edition 3000 Version 8.6
  • Cisco Unified Communications Manager Version 8.6
  • Cisco Business Edition 6000 Version 8.6
  • Cisco Unity Connection Version 8.6
  • Cisco Unified Communications Manager Session Management Edition

Known Affected Releases

10.5(2.13900.12) 6.1(1a) 8.6(2) 8.6(2.23900.10)

Description (partial)

Insecure cookies: Sensitive, unencrypted information contained in cookies do not have any transport security, even if the web application uses
SSL, when the cookie is not set securely.

Default configuration.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.