[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] Critical WebEx Vulnerability

From: Jon Kibler <Jon.Kibler@xxxxxxxx>
Subject: [WEB SECURITY] Critical WebEx Vulnerability
Date: Fri, 15 Aug 2008 09:37:41 -0400

------------=_1218807467-5749-644
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In case you are not on the Cisco PSIRT mailing list, Cisco announced a
critical vulnerability in WebEx (which Cisco now owns). See:
   http://www.cisco.com/warp/public/707/cisco-sa-20080814-webex.shtml

The interesting thing about this vulnerability is that you can clean up
all of your WebEx installs (Cisco says best approach is to uninstall the
WebEx software on all client machines), but as soon as you create a
session with a WebEx server that has not been upgraded, you are once
again vulnerable. In other words, you are at the mercy of your WebEx
presenter.

Still worse, there is not the first mention of this vulnerability on the
WebEx web site, despite the fact that Cisco says exploits are available.
Shame on WebEx. They need to get their security act together.

Jon Kibler
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkilhqUACgkQUVxQRc85QlPdBACgmnqWSIYyytOIVp2xQgSQnDJN
pkkAnRFkHuEyVEFDB54RdWhvfSzR0LST
=Mu9i
-----END PGP SIGNATURE-----




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



------------=_1218807467-5749-644
Content-Type: text/plain; charset=us-ascii

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
------------=_1218807467-5749-644--

Prev by Date: Re: [WEB SECURITY] JSON Hijacking - Cross-browser issue
Next by Date: Re: [WEB SECURITY] Re: The Great WAF Debate
Previous by thread: [WEB SECURITY] JSON Hijacking - Cross-browser issue
Next by thread: Re: [WEB SECURITY] Re: The Great WAF Debate
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site