CVE-2004-0650
CVSS 10.0
Published: 2004-08-06 00:00:00
Last revised: 2008-09-05 16:39:00

[Original] UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL.


[CNNVD] New Atlanta ServletExec Unauthorized Access Vulnerability (CNNVD-200408-058)

        
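        Cisco Collaboration Server uses the ServletExec subcomponent provided by New Atlanta.
        The ServletExec included with CCS server releases earlier than 5.0 contains an access validation error; a remote attacker can exploit this vulnerability to upload files and gain administrator privileges.
        Through ServletExec, an attacker can upload files to the web server and invoke them. An attacker can submit a request for the URL http:///servlet/UploadServlet to determine whether the vulnerability exists: if the result is a NullPointerException, the vulnerability exists; if a 'Page Not Found error' is displayed, it does not.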
        

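- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [complete information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause the system to go down completely]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]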

- CPE (affected platforms and products)

cpe:/a:newatlanta:servletexec:3.0
cpe:/a:newatlanta:servletexec:2.2

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0650
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0650
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-058
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/718896
(VENDOR_ADVISORY)  CERT-VN  VU#718896
http://www.securityfocus.com/bid/10639
(VENDOR_ADVISORY)  BID  10639
http://xforce.iss.net/xforce/xfdb/16553
(VENDOR_ADVISORY)  XF  ccs-servletexec-gain-privileges(16553)
http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml
(UNKNOWN)  CISCO  20040630 Cisco Collaboration Server Vulnerability
http://secunia.com/advisories/11979/
(UNKNOWN)  SECUNIA  11979

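- Vulnerability information

New Atlanta ServletExec Unauthorized Access Vulnerability
Critical  Access validation error
2004-08-06 00:00:00 2005-10-20 00:00:00
Remote
        
        Cisco Collaboration Server uses the ServletExec subcomponent provided by New Atlanta.
        The ServletExec included with CCS server releases earlier than 5.0 contains an access validation error; a remote attacker can exploit this vulnerability to upload files and gain administrator privileges.
        Through ServletExec, an attacker can upload files to the web server and invoke them. An attacker can submit a request for the URL http:///servlet/UploadServlet to determine whether the vulnerability exists: if the result is a NullPointerException, the vulnerability exists; if a 'Page Not Found error' is displayed, it does not.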
        

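- Advisories and patches

        Vendor patch:
        Cisco
        -----
        Cisco has released a security advisory (cisco-sa-20040630-CCS) and a corresponding patch for this issue:
        cisco-sa-20040630-CCS: Cisco Collaboration Server Vulnerability
        Link:
        http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml

        For CCS 3.x, perform the following steps:
        1. Stop IIS.
        2. Use an archive tool to open ServletExec22.jar in the following directory:
        C:\Program Files\new atlanta\servletexec ISAPI\lib
        3. Delete UploadServlet.class.
        4. Save ServletExec22.jar to its original location and exit Winzip.
        5. Restart IIS.
        For CCS 4.x, perform the following steps:
        1. Stop IIS.
        2. Use an archive tool to open ServletExec30.jar in the following directory:
        C:\Program Files\new atlanta\servletexec ISAPI\lib
        3. Delete UploadServlet.class.
        4. Save ServletExec22.jar to its original location and exit Winzip.
        5. Restart IIS.
        Customers can contact the vendor to obtain the relevant patches.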
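
The jar edit described in the steps above, with a check that it took effect, as an added example (not code from the Cisco advisory or from this database entry). The package path of the class inside the jar is not given on the page, so entries are matched by file name; the sample archive and its entry paths are constructed.

```python
import io
import zipfile

TARGET = "UploadServlet.class"  # class file the advisory steps say to delete


def find_upload_servlet(jar):
    """Return archive entries whose file name is exactly UploadServlet.class."""
    with zipfile.ZipFile(jar) as zf:
        return [n for n in zf.namelist() if n.rsplit("/", 1)[-1] == TARGET]


def strip_upload_servlet(src, dst):
    """Copy jar src to dst without UploadServlet.class; return removed entries."""
    removed = []
    with zipfile.ZipFile(src) as zin, \
            zipfile.ZipFile(dst, "w", zipfile.ZIP_DEFLATED) as zout:
        for info in zin.infolist():
            if info.filename.rsplit("/", 1)[-1] == TARGET:
                removed.append(info.filename)
                continue  # drop the vulnerable servlet class
            zout.writestr(info, zin.read(info.filename))
    return removed


def build_sample_jar():
    """Constructed stand-in for ServletExec22.jar; entry paths are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("example/pkg/UploadServlet.class", b"\xca\xfe\xba\xbe")
        zf.writestr("example/pkg/OtherServlet.class", b"\xca\xfe\xba\xbe")
        # Similar name that must survive: only the exact file name is removed.
        zf.writestr("example/pkg/MyUploadServlet.class", b"\xca\xfe\xba\xbe")
    return buf


if __name__ == "__main__":
    jar = build_sample_jar()
    print("before:", find_upload_servlet(jar))
    patched = io.BytesIO()
    print("removed:", strip_upload_servlet(jar, patched))
    print("after:", find_upload_servlet(patched))
```

Both functions accept a file path as well as a file-like object. Writing the result to a new file keeps the original jar available as a backup until the patched copy has been verified.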

- Vulnerability information

7317
Cisco Collaboration Server ServletExec Arbitrary File Upload
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

Cisco Collaboration Server contains a flaw that may allow a malicious user to upload arbitrary files. The issue is triggered when an attacker uses ServletExec to upload files. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

- Timeline

2004-07-01 Unknown
2004-07-01 Unknown

- Solution

Upgrade to version 5.0 or higher, as it has been reported to fix this vulnerability. In addition, Cisco has released a patch for some older versions.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

New Atlanta ServletExec Unauthorized Access Vulnerability
Access Validation Error 10639
Yes No
2004-06-30 12:00:00 2009-07-12 05:16:00
The individual responsible for the discovery of this issue is currently unknown; this issue was disclosed in the referenced Cisco advisory.

- Affected program versions

NewAtlanta ServletExec 3.0
+ Cisco Collaboration Server 4.0
NewAtlanta ServletExec 2.2
+ Cisco Collaboration Server 3.0 2
+ Cisco Collaboration Server 3.0 1
+ Cisco Collaboration Server 3.0
Cisco Collaboration Server 4.0
Cisco Collaboration Server 3.0 2
Cisco Collaboration Server 3.0 1
Cisco Collaboration Server 3.0
NewAtlanta ServletExec 4.1
+ Cisco Collaboration Server 5.0
NewAtlanta ServletExec 3.0 E
Cisco Collaboration Server 5.0

- Unaffected program versions

NewAtlanta ServletExec 4.1
+ Cisco Collaboration Server 5.0
NewAtlanta ServletExec 3.0 E
Cisco Collaboration Server 5.0

- Vulnerability discussion

It has been reported that New Atlanta ServletExec is affected by an unauthorized access vulnerability; fixes are available. This issue is due to an access validation error.

This issue would allow an attacker to upload and execute files on the affected computer, facilitating unauthorized interactive access as well as other attacks. This issue might also be leveraged to cause a denial of service condition in the affected server.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Cisco has released Security Advisory 59687 dealing with this issue for their Collaboration Server package. Please see the referenced advisory for more information.

It is conjectured that New Atlanta has issued fixes for this issue. This cannot be confirmed at the moment. Please contact the vendor for more information. Users are advised to upgrade to a newer version of the application.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Related references
