CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0650

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0770%
EPSS Percentile15.85th
PublishedAug 6, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL.

Affected Platforms (CPE)

πŸ“¦
Newatlanta

Servletexec

= 2.2
πŸ“¦
Newatlanta

Servletexec

= 3.0

References & Advisories

πŸ”— http://secunia.com/advisories/11979/
πŸ”— http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml
πŸ”— http://www.kb.cert.org/vuls/id/718896
πŸ”— http://www.securityfocus.com/bid/10639
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/16553
πŸ”— http://secunia.com/advisories/11979/
πŸ”— http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml
πŸ”— http://www.kb.cert.org/vuls/id/718896

Related Vulnerabilities

CVE-2000-102410.0

eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers t...

CVE-2000-04987.5

Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP e...

CVE-2002-08925.0

The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a ...

CVE-2002-08935.0

Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to read arbitrary files via a URL-en...