Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Closing remote file download hole in MeetingPlace 2.1.1.2?

Hi, I'm trying to find out how to address the issue that you can browse to /public/tutorial?video=/../..//../..//../..//../..//../..//etc/passwd and download the passwd and similarly other files on the filesystem on MeetingPlace without any sort of authentication. Has there been a patch or some way to address this vulnerability?

Thanks!

Everyone's tags (1)
1 REPLY
Bronze

Re: Closing remote file download hole in MeetingPlace 2.1.1.2?

That's amazing. We shut down our system. Do you know if Cisco has documented this anywhere?

259
Views
0
Helpful
1
Replies