Search criteria
4 vulnerabilities found for servletexec by newatlanta
VAR-200408-0057
Vulnerability from variot - Updated: 2025-04-03 22:26UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL. It has been reported that New Atlanta ServletExec is affected by an unauthorized access vulnerability; fixes are available. This issue is due to an access validation error. This issue would allow an attacker to upload and execute files on the affected computer, facilitating unauthorized interactive access as well as other attacks. This issue might also be leveraged to cause a denial of service condition in the affected server
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200408-0057",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "servletexec",
"scope": "eq",
"trust": 1.6,
"vendor": "newatlanta",
"version": "2.2"
},
{
"model": "servletexec",
"scope": "eq",
"trust": 1.6,
"vendor": "newatlanta",
"version": "3.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "collaboration server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "collaboration server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.02"
},
{
"model": "collaboration server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.01"
},
{
"model": "collaboration server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "collaboration server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#718896"
},
{
"db": "BID",
"id": "10639"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-058"
},
{
"db": "NVD",
"id": "CVE-2004-0650"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco PSIRT\u203b psirt@cisco.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200408-058"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0650",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2004-0650",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-0650",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#718896",
"trust": 0.8,
"value": "8.93"
},
{
"author": "CNNVD",
"id": "CNNVD-200408-058",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#718896"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-058"
},
{
"db": "NVD",
"id": "CVE-2004-0650"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL. It has been reported that New Atlanta ServletExec is affected by an unauthorized access vulnerability; fixes are available. This issue is due to an access validation error. \nThis issue would allow an attacker to upload and execute files on the affected computer, facilitating unauthorized interactive access as well as other attacks. This issue might also be leveraged to cause a denial of service condition in the affected server",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0650"
},
{
"db": "CERT/CC",
"id": "VU#718896"
},
{
"db": "BID",
"id": "10639"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "11979",
"trust": 2.4
},
{
"db": "CERT/CC",
"id": "VU#718896",
"trust": 2.4
},
{
"db": "NVD",
"id": "CVE-2004-0650",
"trust": 1.9
},
{
"db": "BID",
"id": "10639",
"trust": 1.9
},
{
"db": "CISCO",
"id": "20040630 CISCO COLLABORATION SERVER VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "16553",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200408-058",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#718896"
},
{
"db": "BID",
"id": "10639"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-058"
},
{
"db": "NVD",
"id": "CVE-2004-0650"
}
]
},
"id": "VAR-200408-0057",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2025-04-03T22:26:17.807000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0650"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040630-ccs.shtml"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/11979/"
},
{
"trust": 1.6,
"url": "http://www.kb.cert.org/vuls/id/718896"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/10639"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16553"
},
{
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/180/prod_plat/cust_cont/cis/web_collaboration.html"
},
{
"trust": 0.8,
"url": "http://www.newatlanta.com/biz/c/products/servletexec/self_help/faq/detail?faqid=195"
},
{
"trust": 0.8,
"url": "http://www.cisco.com/application/pdf/en/us/guest/products/ps1001/c1067/ccmigration_09186a008020f9b4.pdf"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/16553"
},
{
"trust": 0.3,
"url": "http://www.newatlanta.com/"
},
{
"trust": 0.3,
"url": "http://www.newatlanta.com/products/servletexec/index.jsp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#718896"
},
{
"db": "BID",
"id": "10639"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-058"
},
{
"db": "NVD",
"id": "CVE-2004-0650"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#718896"
},
{
"db": "BID",
"id": "10639"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-058"
},
{
"db": "NVD",
"id": "CVE-2004-0650"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-07-09T00:00:00",
"db": "CERT/CC",
"id": "VU#718896"
},
{
"date": "2004-06-30T00:00:00",
"db": "BID",
"id": "10639"
},
{
"date": "2004-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200408-058"
},
{
"date": "2004-08-06T04:00:00",
"db": "NVD",
"id": "CVE-2004-0650"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-07-09T00:00:00",
"db": "CERT/CC",
"id": "VU#718896"
},
{
"date": "2009-07-12T05:16:00",
"db": "BID",
"id": "10639"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200408-058"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-0650"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200408-058"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "New Atlanta ServletExec Unauthorized Access Vulnerability",
"sources": [
{
"db": "BID",
"id": "10639"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-058"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200408-058"
}
],
"trust": 0.6
}
}
VAR-201008-0391
Vulnerability from variot - Updated: 2022-05-17 22:51ServletExec is a JSP and Java Servlet engine that is used as a plugin for popular web servers like Apache, IIS, Netscape, and more. ServletExec has multiple security vulnerabilities that allow malicious users to obtain sensitive information or bypass security restrictions. - The input to the \"page\" parameter passed to servlet/pagecompile._admin._help._helpContent_xjsp is missing validation when used to display the file, and an attacker can obtain arbitrary file content through directory traversal. - Missing validation of precompiled JSP pages in the management interface, direct access to precompiled pages in the \"Servlet Exec Admin\" package bypasses administrator authentication (eg servlet/pagecompile._admin._userMgt_xjsp). ServletExec is prone to a directory-traversal vulnerability and multiple authentication-bypass vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Versions prior to ServletExec 6.0.0.2_39 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201008-0391",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "servletexec",
"scope": "eq",
"trust": 0.6,
"vendor": "newatlanta",
"version": "6.x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1596"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stefano Di Paola; Giorgio Fedon",
"sources": [
{
"db": "BID",
"id": "42411"
}
],
"trust": 0.3
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ServletExec is a JSP and Java Servlet engine that is used as a plugin for popular web servers like Apache, IIS, Netscape, and more. ServletExec has multiple security vulnerabilities that allow malicious users to obtain sensitive information or bypass security restrictions. - The input to the \\\"page\\\" parameter passed to servlet/pagecompile._admin._help._helpContent_xjsp is missing validation when used to display the file, and an attacker can obtain arbitrary file content through directory traversal. - Missing validation of precompiled JSP pages in the management interface, direct access to precompiled pages in the \\\"Servlet Exec Admin\\\" package bypasses administrator authentication (eg servlet/pagecompile._admin._userMgt_xjsp). ServletExec is prone to a directory-traversal vulnerability and multiple authentication-bypass vulnerabilities because the application fails to sufficiently sanitize user-supplied input. \nVersions prior to ServletExec 6.0.0.2_39 are vulnerable",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1596"
},
{
"db": "BID",
"id": "42411"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "42411",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2010-1596",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1596"
},
{
"db": "BID",
"id": "42411"
}
]
},
"id": "VAR-201008-0391",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1596"
}
],
"trust": 1.01666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1596"
}
]
},
"last_update_date": "2022-05-17T22:51:30.732000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ServletExec directory traversal and validation bypassing patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/824"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1596"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.mindedsecurity.com/msa260209.htmlhttp"
},
{
"trust": 0.3,
"url": "http://www.mindedsecurity.com/msa260209.html"
},
{
"trust": 0.3,
"url": "http://www.newatlanta.com/products/servletexec/index.jsp"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1596"
},
{
"db": "BID",
"id": "42411"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-1596"
},
{
"db": "BID",
"id": "42411"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-08-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1596"
},
{
"date": "2010-08-12T00:00:00",
"db": "BID",
"id": "42411"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-08-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1596"
},
{
"date": "2010-08-12T00:00:00",
"db": "BID",
"id": "42411"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "42411"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ServletExec Directory Traversal and Validation Bypass Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1596"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "42411"
}
],
"trust": 0.3
}
}
CVE-2004-0650 (GCVE-0-2004-0650)
Vulnerability from nvd – Published: 2004-07-13 04:00 – Updated: 2024-08-08 00:24
VLAI?
Summary
UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#718896",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/718896"
},
{
"name": "20040630 Cisco Collaboration Server Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml"
},
{
"name": "10639",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10639"
},
{
"name": "11979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11979/"
},
{
"name": "ccs-servletexec-gain-privileges(16553)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16553"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#718896",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/718896"
},
{
"name": "20040630 Cisco Collaboration Server Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml"
},
{
"name": "10639",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10639"
},
{
"name": "11979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11979/"
},
{
"name": "ccs-servletexec-gain-privileges(16553)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16553"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#718896",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/718896"
},
{
"name": "20040630 Cisco Collaboration Server Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml"
},
{
"name": "10639",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10639"
},
{
"name": "11979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11979/"
},
{
"name": "ccs-servletexec-gain-privileges(16553)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16553"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0650",
"datePublished": "2004-07-13T04:00:00",
"dateReserved": "2004-07-09T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0650 (GCVE-0-2004-0650)
Vulnerability from cvelistv5 – Published: 2004-07-13 04:00 – Updated: 2024-08-08 00:24
VLAI?
Summary
UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#718896",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/718896"
},
{
"name": "20040630 Cisco Collaboration Server Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml"
},
{
"name": "10639",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10639"
},
{
"name": "11979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11979/"
},
{
"name": "ccs-servletexec-gain-privileges(16553)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16553"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#718896",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/718896"
},
{
"name": "20040630 Cisco Collaboration Server Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml"
},
{
"name": "10639",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10639"
},
{
"name": "11979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11979/"
},
{
"name": "ccs-servletexec-gain-privileges(16553)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16553"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#718896",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/718896"
},
{
"name": "20040630 Cisco Collaboration Server Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml"
},
{
"name": "10639",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10639"
},
{
"name": "11979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11979/"
},
{
"name": "ccs-servletexec-gain-privileges(16553)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16553"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0650",
"datePublished": "2004-07-13T04:00:00",
"dateReserved": "2004-07-09T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}