ID
VAR-200408-0057
CVE
CVE-2004-0650
TITLE
New Atlanta ServletExec Unauthorized Access Vulnerability
Trust: 0.9
DESCRIPTION
UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL. It has been reported that New Atlanta ServletExec is affected by an unauthorized access vulnerability; fixes are available. This issue is due to an access validation error. This issue would allow an attacker to upload and execute files on the affected computer, facilitating unauthorized interactive access as well as other attacks. This issue might also be leveraged to cause a denial of service condition in the affected server
Trust: 1.89
AFFECTED PRODUCTS
| vendor: | newatlanta | model: | servletexec | scope: | eq | version: | 2.2 | Trust: 1.6 |
| vendor: | newatlanta | model: | servletexec | scope: | eq | version: | 3.0 | Trust: 1.6 |
| vendor: | cisco | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | collaboration server | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | cisco | model: | collaboration server | scope: | eq | version: | 3.02 | Trust: 0.3 |
| vendor: | cisco | model: | collaboration server | scope: | eq | version: | 3.01 | Trust: 0.3 |
| vendor: | cisco | model: | collaboration server | scope: | eq | version: | 3.0 | Trust: 0.3 |
| vendor: | cisco | model: | collaboration server | scope: | ne | version: | 5.0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
access verification error
Trust: 0.6
EXTERNAL IDS
| db: | SECUNIA | id: | 11979 | Trust: 2.4 |
| db: | CERT/CC | id: | VU#718896 | Trust: 2.4 |
| db: | NVD | id: | CVE-2004-0650 | Trust: 1.9 |
| db: | BID | id: | 10639 | Trust: 1.9 |
| db: | CISCO | id: | 20040630 CISCO COLLABORATION SERVER VULNERABILITY | Trust: 0.6 |
| db: | XF | id: | 16553 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-200408-058 | Trust: 0.6 |
REFERENCES
| url: | http://www.cisco.com/warp/public/707/cisco-sa-20040630-ccs.shtml | Trust: 2.7 |
| url: | http://secunia.com/advisories/11979/ | Trust: 2.4 |
| url: | http://www.kb.cert.org/vuls/id/718896 | Trust: 1.6 |
| url: | http://www.securityfocus.com/bid/10639 | Trust: 1.6 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/16553 | Trust: 1.0 |
| url: | http://www.cisco.com/warp/public/180/prod_plat/cust_cont/cis/web_collaboration.html | Trust: 0.8 |
| url: | http://www.newatlanta.com/biz/c/products/servletexec/self_help/faq/detail?faqid=195 | Trust: 0.8 |
| url: | http://www.cisco.com/application/pdf/en/us/guest/products/ps1001/c1067/ccmigration_09186a008020f9b4.pdf | Trust: 0.8 |
| url: | http://xforce.iss.net/xforce/xfdb/16553 | Trust: 0.6 |
| url: | http://www.newatlanta.com/ | Trust: 0.3 |
| url: | http://www.newatlanta.com/products/servletexec/index.jsp | Trust: 0.3 |
CREDITS
Cisco PSIRT※ psirt@cisco.com
Trust: 0.6
SOURCES
| db: | CERT/CC | id: | VU#718896 |
| db: | BID | id: | 10639 |
| db: | CNNVD | id: | CNNVD-200408-058 |
| db: | NVD | id: | CVE-2004-0650 |
LAST UPDATE DATE
2024-08-14T14:35:52.279000+00:00
SOURCES UPDATE DATE
| db: | CERT/CC | id: | VU#718896 | date: | 2004-07-09T00:00:00 |
| db: | BID | id: | 10639 | date: | 2009-07-12T05:16:00 |
| db: | CNNVD | id: | CNNVD-200408-058 | date: | 2005-10-20T00:00:00 |
| db: | NVD | id: | CVE-2004-0650 | date: | 2017-07-11T01:30:20.713 |
SOURCES RELEASE DATE
| db: | CERT/CC | id: | VU#718896 | date: | 2004-07-09T00:00:00 |
| db: | BID | id: | 10639 | date: | 2004-06-30T00:00:00 |
| db: | CNNVD | id: | CNNVD-200408-058 | date: | 2004-06-30T00:00:00 |
| db: | NVD | id: | CVE-2004-0650 | date: | 2004-08-06T04:00:00 |