Cisco Bug: CSCuo50675 - CUCDM: Session Cookie domain and Path are not specified .
Aug 06, 2018
- Cisco Hosted Collaboration Solution (HCS)
Known Affected Releases
Symptom: Cisco Unified Communications Domain Manager (CUCDM) leverages the default Cookie Path and Domain attributes that are inherited from the URL of the application. This may be flagged by vulnerability scanners, and called out as a low or informational issue. It is best practice to set these values as restrictive as possible, but due to web application design it is sometimes not possible. The team responsible for CUCDM will be investigating to see if they can make this hardening change by using very restrictive paths and domains. This issue was reported to Cisco by Fatih Ozavci from Sense of Security Conditions: Devices running Cisco Unified Communications Domain Manager versions 8.5 and prior are affected.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases