|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA11979] Cisco Collaboration Server ServletExec Arbitrary File Upload Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Thu Jul 01 2004 - 07:18:35 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Cisco Collaboration Server ServletExec Arbitrary File Upload
Vulnerability
SECUNIA ADVISORY ID:
SA11979
VERIFY ADVISORY:
http://secunia.com/advisories/11979/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
ServletExec 3.x
http://secunia.com/product/3647/
ServletExec 2.x
http://secunia.com/product/3646/
Cisco Collaboration Server (CSS) 3.x
http://secunia.com/product/3644/
Cisco Collaboration Server (CSS) 4.x
http://secunia.com/product/3645/
DESCRIPTION:
Matt Moore has discovered a vulnerability in Cisco Collaboration
Server (CCS), which can be exploited by malicious people to
compromise a vulnerable system.
The vulnerability is caused due to an error within the UploadServlet
in the ServletExec subcomponent, allowing arbitrary files to be
uploaded and executed.
Successful exploitation may reportedly grant a malicious person
administrative privileges.
The vulnerability affects CCS (prior to 5.0) using a ServletExec
version prior to 3.0E.
SOLUTION:
Various solutions are available.
-- Cisco Collaboration Server 3.x --
Upgrade to CCS 5.x
OR
Upgrade to CCS 4.x and use the following script:
http://www.cisco.com/cgi-bin/tablebuild.pl/ccs40
OR
Follow manual actions in original advisory's "Workarounds" section
-- Cisco Collaboration Server 4.x --
Upgrade to CCS 5.x
OR
Use the following script, which fixes the issue:
http://www.cisco.com/cgi-bin/tablebuild.pl/ccs40
OR
Follow manual actions in original advisory's "Workarounds" section
-- ServletExec --
Upgrade to version 3.0E or later.
PROVIDED AND/OR DISCOVERED BY:
Matt Moore
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]