Pentest Security Advisory : PTL-2004-05
Vulnerability in Cisco Collaboration Server

Advisory Details

Title: Vulnerability in Cisco Collaboration Server
Announcement date: 30th June 2004
Advisory Reference: ptl-2004-05
Products: Cisco Collaboration Server
Vulnerability Type: Remote Code Execution / Elevation of Privileges
Vendor-Status: Patches Available
Remotely Exploitable: Yes
Locally Exploitable: Yes
Advisory URL:

Vulnerability Description

Versions of Cisco Collaboration Server prior to 5.x use a flawed version of ServletExec that allows an attacker to upload arbitrary files to the web server and directly invoke them, gaining administrative privileges.

Vulnerable Versions

CCS 4.x ships with ServletExec 3.0, which is vulnerable until patched.

CCS 3.x ships with ServletExec 2.2, which is vulnerable until patched.

Fix / Workarounds

CCS 4.0 customers can patch the software with an automated script or upgrade to CCS 5.x.

An automated script is not available for CCS 3.0. To patch this version, customers can either:

a) Follow the manual instructions in the Workaround section of the Cisco advisory
b) Upgrade to CCS 4.x and patch the software with the automated script
c) Upgrade to CCS 5.x.


This vulnerability was discovered by Matt Moore from Pentest Limited.
