Cisco Bug: CSCuo50675 - CUCDM: Session Cookie domain and Path are not specified.

Last Modified

Aug 06, 2018

Products (1)

  • Cisco Hosted Collaboration Solution (HCS)

Known Affected Releases

4.4(2)

Description (partial)

Symptom:
Cisco Unified Communications Domain Manager (CUCDM) leverages the default Cookie Path and Domain attributes that are inherited from the URL of the application. This may be flagged by vulnerability scanners, and called out as a low or informational issue.

It is best practice to set these values as restrictively as possible, but web application design sometimes makes this impossible. The team responsible for CUCDM will be investigating whether they can make this hardening change by using very restrictive paths and domains.

This issue was reported to Cisco by Fatih Ozavci from Sense of Security.

Conditions:
Devices running Cisco Unified Communications Domain Manager versions 8.5 and prior are affected.
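
To see what a scanner is reporting here, the following added example (not Cisco's code and not part of the bug record) computes the scope a browser assigns to a cookie whose Path and Domain are omitted, using the RFC 6265 defaults. The host name, URL, cookie name and values are constructed for illustration.

```python
from urllib.parse import urlsplit


def default_path(request_path):
    """RFC 6265 section 5.1.4: path used when Set-Cookie has no usable Path."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path[: request_path.rfind("/")]


def effective_scope(request_url, set_cookie):
    """Return the scope a browser assigns to one Set-Cookie header value."""
    url = urlsplit(request_url)
    name_value, *attrs = [part.strip() for part in set_cookie.split(";")]
    parsed = {}
    for attr in attrs:
        key, _, value = attr.partition("=")
        parsed[key.strip().lower()] = value.strip()

    domain = parsed.get("domain", "").lstrip(".").lower()
    path = parsed.get("path", "")
    findings = []
    if not domain:
        findings.append("Domain not specified")
    if not path.startswith("/"):
        findings.append("Path not specified")
    return {
        "name": name_value.partition("=")[0],
        "domain": domain or url.hostname,
        # No Domain attribute: cookie is host-only (exact host, no subdomains).
        "host_only": not domain,
        "path": path if path.startswith("/") else default_path(url.path),
        "findings": findings,
    }


# Constructed sample input: hypothetical host, URL and cookie values.
LOGIN_URL = "https://cucdm.example.test/portal/login/index.html"
DEFAULTED = "session=CONSTRUCTED; Secure; HttpOnly"
EXPLICIT = "session=CONSTRUCTED; Domain=.example.test; Path=/; Secure; HttpOnly"

if __name__ == "__main__":
    for header in (DEFAULTED, EXPLICIT):
        print(header, "->", effective_scope(LOGIN_URL, header))
```

For the second header the finding disappears, yet the cookie is now sent to every subdomain of example.test and every path, so clearing the scanner flag and narrowing the cookie scope are separate checks.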