CVE-2010-0642 Information

Description

Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2) changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4) appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml, (b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml, (d) webline/html/forms/callbackICM.jhtml, (e) webline/html/agent/AgentFrame.jhtml, (f) webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml, (h) webline/html/multichatui/nowDefunctWindow.jhtml, (i) browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k) msccallme/mscCallForm.jhtml, and (l) webline/html/admin/wcs/LoginPage.jhtml components.
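A log check for the four request forms described above, as an added example that is not part of the CVE record or any Cisco tooling. It assumes the web server logs the raw, undecoded request line; the function names, log layout and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

EXT = b".jhtml"
# Decoded byte sequences for %00 and %c0%80 (overlong-encoded NUL).
NUL_FORMS = (b"\x00", b"\xc0\x80")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(raw_path):
    """Return a reason string for a suspicious .jhtml request path, else None."""
    path = raw_path.split("?", 1)[0]          # ignore the query string
    decoded = unquote_to_bytes(path).lower()  # bytes, so %c0%80 survives decoding
    idx = decoded.rfind(EXT)
    if idx == -1:
        return None
    tail = decoded[idx + len(EXT):]
    if tail.startswith(NUL_FORMS):
        return "nul-suffix"                   # forms (3) and (4)
    if tail == b"" and not path.lower().endswith(".jhtml"):
        return "encoded-extension"            # forms (1) and (2)
    return None

def scan(lines):
    """Return (raw_path, reason) for every flagged request in the log lines."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m:
            reason = classify(m.group(1))
            if reason:
                hits.append((m.group(1), reason))
    return hits

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /doc/docindex.jhtml HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2010:10:00:01 +0000] "GET /callme/callForm.jhtml?x=%20 HTTP/1.1" 200 700',
    '192.0.2.99 - - [01/Jan/2010:10:00:02 +0000] "GET /doc/docindex%2Ejhtml HTTP/1.1" 200 4096',
    '192.0.2.99 - - [01/Jan/2010:10:00:03 +0000] "GET /doc/docindex.jhtm%6C HTTP/1.1" 200 4096',
    '192.0.2.99 - - [01/Jan/2010:10:00:04 +0000] "GET /admin/CiscoAdmin.jhtml%00 HTTP/1.1" 200 8192',
    '192.0.2.99 - - [01/Jan/2010:10:00:05 +0000] "GET /admin/CiscoAdmin.jhtml%c0%80 HTTP/1.1" 200 8192',
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE_LOG):
        print(f"{reason:18} {path}")
```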

Reference

http://www.exploit-db.com/exploits/11403
http://www.securityfocus.com/bid/38202
https://exchange.xforce.ibmcloud.com/vulnerabilities/56221
