Guest

Preview Tool

Cisco Bug: CSCvu24796 - Web App's for unity connection should have there speciifc timeout and follow the security guidelines

Last Modified

Aug 26, 2020

Products (1)

  • Cisco Unity Connection

Known Affected Releases

11.5 12.0 12.5 14.0

Description (partial)

Symptom:
Note : Symptoms mentioned below are observed w.r.t to Cisco Jabber used widely within org . but shall will be applicable to all clients consuming VMrest and maintain session renew logic

1- User not able to Mark Read ,Unread and Delete message using jabber after 15min from sign-in as session expired on unity and unity throw 401 for all such request

2- High VMrest traffic each time at 20min (Jabber version 12.7 or below) and 27 min(jabber version 12.8 and above) 

3- New subscription each time as unity returns new session as old is expired to Jabber and jabber do re-subscribe for new subscription to session . This happens at same @20min (Jabber version 12.7 or below)  and @27min (jabber version 12.8 and above)  which is keep alive for Jabber to renew session with unity 

4- Relatively high VMrest traffic as jabber attempts fresh login after receiving 401 from unity on latest release 12.8 onwards . Older release Jabber 12.7 or below jabber stop to connect as received 401 from unity

Conditions:
1- Unity running in Fed ramp mode (Enhance security mode) 11.5SU3 on wards making session timeout 15min automatically as part of process 

2- Customer having any compliance like PCI where session timeout is set to 15min using CLI "set webapp session timeout" on unity connection

3- Customer have jabber integrated with voice mail
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.