VAR-200408-0057
Vulnerability from variot - Updated: 2025-04-03 22:26UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL. It has been reported that New Atlanta ServletExec is affected by an unauthorized access vulnerability; fixes are available. This issue is due to an access validation error. This issue would allow an attacker to upload and execute files on the affected computer, facilitating unauthorized interactive access as well as other attacks. This issue might also be leveraged to cause a denial of service condition in the affected server
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200408-0057",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "servletexec",
"scope": "eq",
"trust": 1.6,
"vendor": "newatlanta",
"version": "2.2"
},
{
"model": "servletexec",
"scope": "eq",
"trust": 1.6,
"vendor": "newatlanta",
"version": "3.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "collaboration server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "collaboration server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.02"
},
{
"model": "collaboration server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.01"
},
{
"model": "collaboration server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "collaboration server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#718896"
},
{
"db": "BID",
"id": "10639"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-058"
},
{
"db": "NVD",
"id": "CVE-2004-0650"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco PSIRT\u203b psirt@cisco.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200408-058"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0650",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2004-0650",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-0650",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#718896",
"trust": 0.8,
"value": "8.93"
},
{
"author": "CNNVD",
"id": "CNNVD-200408-058",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#718896"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-058"
},
{
"db": "NVD",
"id": "CVE-2004-0650"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL. It has been reported that New Atlanta ServletExec is affected by an unauthorized access vulnerability; fixes are available. This issue is due to an access validation error. \nThis issue would allow an attacker to upload and execute files on the affected computer, facilitating unauthorized interactive access as well as other attacks. This issue might also be leveraged to cause a denial of service condition in the affected server",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0650"
},
{
"db": "CERT/CC",
"id": "VU#718896"
},
{
"db": "BID",
"id": "10639"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "11979",
"trust": 2.4
},
{
"db": "CERT/CC",
"id": "VU#718896",
"trust": 2.4
},
{
"db": "NVD",
"id": "CVE-2004-0650",
"trust": 1.9
},
{
"db": "BID",
"id": "10639",
"trust": 1.9
},
{
"db": "CISCO",
"id": "20040630 CISCO COLLABORATION SERVER VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "16553",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200408-058",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#718896"
},
{
"db": "BID",
"id": "10639"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-058"
},
{
"db": "NVD",
"id": "CVE-2004-0650"
}
]
},
"id": "VAR-200408-0057",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2025-04-03T22:26:17.807000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0650"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040630-ccs.shtml"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/11979/"
},
{
"trust": 1.6,
"url": "http://www.kb.cert.org/vuls/id/718896"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/10639"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16553"
},
{
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/180/prod_plat/cust_cont/cis/web_collaboration.html"
},
{
"trust": 0.8,
"url": "http://www.newatlanta.com/biz/c/products/servletexec/self_help/faq/detail?faqid=195"
},
{
"trust": 0.8,
"url": "http://www.cisco.com/application/pdf/en/us/guest/products/ps1001/c1067/ccmigration_09186a008020f9b4.pdf"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/16553"
},
{
"trust": 0.3,
"url": "http://www.newatlanta.com/"
},
{
"trust": 0.3,
"url": "http://www.newatlanta.com/products/servletexec/index.jsp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#718896"
},
{
"db": "BID",
"id": "10639"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-058"
},
{
"db": "NVD",
"id": "CVE-2004-0650"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#718896"
},
{
"db": "BID",
"id": "10639"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-058"
},
{
"db": "NVD",
"id": "CVE-2004-0650"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-07-09T00:00:00",
"db": "CERT/CC",
"id": "VU#718896"
},
{
"date": "2004-06-30T00:00:00",
"db": "BID",
"id": "10639"
},
{
"date": "2004-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200408-058"
},
{
"date": "2004-08-06T04:00:00",
"db": "NVD",
"id": "CVE-2004-0650"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-07-09T00:00:00",
"db": "CERT/CC",
"id": "VU#718896"
},
{
"date": "2009-07-12T05:16:00",
"db": "BID",
"id": "10639"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200408-058"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-0650"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200408-058"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "New Atlanta ServletExec Unauthorized Access Vulnerability",
"sources": [
{
"db": "BID",
"id": "10639"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-058"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200408-058"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…