Information Disclosure Vulnerability in Cisco Collaboration Server (CCS)
CVE-2010-0642

Currently unrated

Key Information:

Vendor: Cisco
Status: Collaboration Server
Vendor: CVE Published:; 17 February 2010

Summary

An information disclosure vulnerability exists in Cisco Collaboration Server (CCS) 5, whereby remote attackers can exploit specific behaviors in JHTML files. By using URL encoded characters in the filename extensions, attackers can gain unauthorized access to sensitive source code. Techniques such as changing the .jhtml extension to %2Ejhtml or appending specific characters can reveal various JHTML files including those linked to admin interfaces and forms. Affected components include important web pages like admin/CiscoAdmin.jhtml and webline/html/forms/callback.jhtml, which could expose sensitive information to potential attackers.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/56221

vdb-entryx_refsource_XF

http://www.exploit-db.com/exploits/11403

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/38202

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Feb 17, 2010
Vulnerability Reserved
Feb 17, 2010