PT-2004-1737 · Cisco+1 · Cisco Collaboration Server+1

Publicado

2004-07-13

Atualizado

2017-07-11

CVE-2004-0650

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Collaboration Server (CCS) versions prior to 3.0E

Description The issue allows remote attackers to upload and execute arbitrary files by making a direct call to the UploadServlet URL. This is possible due to a flaw in the UploadServlet in Cisco Collaboration Server (CCS) running ServletExec.

Recommendations For versions prior to 3.0E, update to version 3.0E or later to resolve the issue. As a temporary workaround, consider restricting access to the UploadServlet URL to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-0650

Produtos afetados

Cisco Collaboration Server

Servletexec

PT-2004-1737 · Cisco+1 · Cisco Collaboration Server+1

CVE-2004-0650

Identificadores relacionados

Produtos afetados

Referências · 6