Vulnerability Note VU#718896

Cisco Collaboration Server (CCS) ServletExec allows arbitrary file uploading

Overview

There is a vulnerability in the ServletExec subcomponent of the Cisco Collaboration Server (CCS) that could allow an attacker to upload arbitrary files to the server.

I. Description

The Cisco Collaboration Server (CCS) is designed to provide interactive customer support (web page sharing, application sharing, text chat, etc.) through a web browser. There is a vulnerability in the UploadServlet of the ServletExec subcomponent of CCS. This vulnerability could allow a remote attacker to upload arbitrary files to the server and subsequently execute those files.

As noted in the Cisco Advisory, you can test your CCS to determine if it is vulnerable by attempting to load the following URL:

    http://<ccsservername>/servlet/UploadServlet

If a NullPointerException is returned, the system is vulnerable. If a "Page Not Found" error is returned, your system is not vulnerable.
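The advisory's check above is a single HTTP GET whose two documented outcomes are a NullPointerException (servlet present, vulnerable) and a "Page Not Found" error (servlet absent, not vulnerable). The script below is an added example, not part of the US-CERT note or the Cisco advisory; it performs that request for a list of CCS host names and reports anything outside the two documented outcomes as unknown rather than guessing. The host name argument and the example host in the usage line are placeholders.

```python
"""Verify CCS hosts against the advisory's UploadServlet test.

Added example, not from the US-CERT note or the Cisco advisory. The host
name is supplied by the operator; the default below is a placeholder.
"""
import sys
import urllib.error
import urllib.request

VULNERABLE = "vulnerable"
NOT_VULNERABLE = "not vulnerable"
UNKNOWN = "unknown"


def classify_response(status: int, body: str) -> str:
    """Map the advisory's two documented outcomes onto a verdict.

    A NullPointerException in the response means the servlet answered, so
    the class is still deployed. A 404 or "Page Not Found" body means the
    servlet is gone. Anything else (redirect to a login page, proxy error,
    a different exception) is reported as unknown for a human to look at.
    """
    if "NullPointerException" in body:
        return VULNERABLE
    if status == 404 or "Page Not Found" in body:
        return NOT_VULNERABLE
    return UNKNOWN


def check_ccs(hostname: str, timeout: float = 10.0) -> str:
    """Request http://<hostname>/servlet/UploadServlet and classify the reply."""
    url = f"http://{hostname}/servlet/UploadServlet"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", errors="replace")
            return classify_response(resp.status, body)
    except urllib.error.HTTPError as err:
        # 404 and 500 replies arrive as HTTPError; the body still carries
        # the server's message (stack trace or error page), so classify it.
        body = err.read().decode("utf-8", errors="replace")
        return classify_response(err.code, body)
    except (urllib.error.URLError, OSError):
        # Unreachable host or TLS/DNS failure: no verdict either way.
        return UNKNOWN


if __name__ == "__main__":
    # Usage: python check_ccs.py ccs1.example.internal ccs2.example.internal
    hosts = sys.argv[1:] or ["ccs.example.internal"]  # placeholder host name
    for host in hosts:
        print(f"{host}: {check_ccs(host)}")
```

Run it from a management host that can reach the CCS web front end; the verdict is only as good as the advisory's two signals, so an "unknown" result should be followed up by inspecting the ServletExec jar on the server itself.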

II. Impact

A remote attacker could upload arbitrary files to the CCS and potentially gain administrative privileges.

III. Solution

Apply patch

Cisco has released an advisory "Cisco Collaboration Server Vulnerability" to address this issue. For more information on applying patches, please refer to the "Software Versions and Fixes" section of the Cisco Advisory.

Manually remove UploadServlet class

According to the Cisco Advisory, users may perform the following steps to manually apply the patch:

    Manual Instructions to Patch CCS 3.x

    1. Stop Internet Information Server (IIS).
    2. Run Winzip or your favorite zip utility and open ServletExec22.jar in the C:\Program Files\new atlanta\servletexec ISAPI\lib directory.
    3. Delete UploadServlet.class.
    4. Save ServletExec22.jar back to its original location and exit Winzip.
    5. Restart IIS.

    Manual Instructions to Patch CCS 4.x

    1. Stop Internet Information Server (IIS).
    2. Run Winzip or your favorite zip utility and open ServletExec30.jar in the C:\Program Files\new atlanta\servletexec ISAPI\lib directory.
    3. Delete UploadServlet.class.
    4. Save ServletExec30.jar back to its original location and exit Winzip.
    5. Restart IIS.

CCS 5.x is not vulnerable and these manual instructions do not apply.
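The manual steps above amount to: open the ServletExec jar, delete UploadServlet.class, and write the jar back. The script below is an added example (not from the US-CERT note or the Cisco advisory) that does the same with Python's standard zipfile module, so the check and the removal can be run consistently across several servers. It also reports whether a jar still contains the class, which is a useful post-patch verification. The jar names and directory are the ones the note gives for CCS 3.x and 4.x; stopping and restarting IIS around the change is left to the operator, and the sample jar builder exists only so the logic can be tried offline.

```python
"""Detect and remove UploadServlet.class from a ServletExec jar.

Added example, not from the US-CERT note or the Cisco advisory. Automates
the note's manual steps (open jar, delete class, save jar) with zipfile.
"""
import os
import shutil
import sys
import zipfile

# Paths and jar names as given in the note for CCS 3.x and 4.x.
SERVLETEXEC_LIB = r"C:\Program Files\new atlanta\servletexec ISAPI\lib"
JAR_BY_CCS_VERSION = {"3": "ServletExec22.jar", "4": "ServletExec30.jar"}
TARGET_CLASS = "UploadServlet.class"


def upload_servlet_entries(jar_path: str) -> list[str]:
    """Return every jar entry whose file name is UploadServlet.class.

    Matching on the basename catches the class whether it sits at the top
    level of the jar or inside a package directory.
    """
    with zipfile.ZipFile(jar_path) as jar:
        return [n for n in jar.namelist() if n.rsplit("/", 1)[-1] == TARGET_CLASS]


def is_vulnerable_jar(jar_path: str) -> bool:
    """True while the jar still ships UploadServlet.class."""
    return bool(upload_servlet_entries(jar_path))


def remove_upload_servlet(jar_path: str) -> int:
    """Rewrite the jar without UploadServlet.class; return the number removed.

    zipfile cannot delete an entry in place, so the jar is rebuilt into a
    temporary file, a .bak copy of the original is kept, and the rebuilt
    jar replaces the original only once it is fully written.
    """
    doomed = set(upload_servlet_entries(jar_path))
    if not doomed:
        return 0
    shutil.copy2(jar_path, jar_path + ".bak")
    tmp_path = jar_path + ".tmp"
    with zipfile.ZipFile(jar_path) as src, zipfile.ZipFile(tmp_path, "w") as dst:
        for info in src.infolist():
            if info.filename in doomed:
                continue
            # Passing the ZipInfo keeps each entry's timestamp and compression.
            dst.writestr(info, src.read(info.filename))
    os.replace(tmp_path, jar_path)
    return len(doomed)


def build_sample_jar(path: str) -> str:
    """Construct a stand-in jar (not a real ServletExec jar) for offline trials."""
    with zipfile.ZipFile(path, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("UploadServlet.class", b"\xca\xfe\xba\xbe stand-in class bytes")
        jar.writestr("com/example/OtherServlet.class", b"\xca\xfe\xba\xbe other class")
    return path


if __name__ == "__main__":
    # Usage: python fix_servletexec.py <3|4> [--fix]
    # Without --fix the script only reports; with --fix it removes the class.
    version = sys.argv[1] if len(sys.argv) > 1 else "4"
    jar = os.path.join(SERVLETEXEC_LIB, JAR_BY_CCS_VERSION[version])
    if "--fix" in sys.argv:
        print(f"{jar}: removed {remove_upload_servlet(jar)} entr(y/ies)")
    print(f"{jar}: {'VULNERABLE' if is_vulnerable_jar(jar) else 'clean'}")
```

Stop IIS before running with --fix and restart it afterwards, exactly as the note's steps say; the .bak copy lets you restore the original jar if the application behaves unexpectedly after the change.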

Systems Affected

Vendor              Status      Date Notified   Date Updated
Cisco Systems Inc.  Vulnerable                  9-Jul-2004

References

http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml
http://www.cisco.com/warp/public/180/prod_plat/cust_cont/cis/web_collaboration.html
http://secunia.com/advisories/11979/
http://www.newatlanta.com/biz/c/products/servletexec/self_help/faq/detail?faqId=195
http://www.cisco.com/application/pdf/en/us/guest/products/ps1001/c1067/ccmigration_09186a008020f9b4.pdf

Credit

This vulnerability was reported by the Cisco Systems Product Security Incident Response Team (PSIRT).

This document was written by Damon Morda.

Other Information

Date Public: 2004-06-30
Date First Published: 2004-07-09
Date Last Updated: 2004-07-09
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric: 8.93
Document Revision: 10

If you have feedback, comments, or additional information about this vulnerability, please send us email.
Copyright 2004 Carnegie Mellon University