Software Engineering Institute

The Cisco Collaboration Server (CCS) is designed to provide interactive customer support (web page sharing, application sharing, text chat, etc.) through a web browser. There is a vulnerability in the UploadServlet of the ServletExec subcomponent of CCS. This vulnerability could allow a remote attacker to upload arbitrary files to the server and subsequently execute those files.

As noted in the Cisco Advisory, you can test your CCS to determine if it is vulnerable by attempting to load the following URL:

http://<ccsservername>/servlet/UploadServlet

If a NullPointerException is returned, the system is vulnerable. If a "Page Not Found" error is returned, your system is not vulnerable.

A remote attacker could upload arbitrary files to the CCS and potentially gain administrative privileges.

Apply patch
Cisco has released an advisory "Cisco Collaboration Server Vulnerability" to address this issue. For more information on applying patches, please refer to the "Software Versions and Fixes" section of the Cisco Advisory.

Manually remove UploadServlet class
According to the Cisco Advisory, users may perform the following steps to manually apply the patch:

Manual Instructions to Patch CCS 3.x

1. Stop Internet Information Server (IIS).
2. Run Winzip or your favorite zip utility and open ServletExec22.jar in the C:\Program Files\ew atlanta\servletexec ISAPI\lib directory.
3. Delete UploadServlet.class.
4. Save ServletExec22.jar back to its original location and exit Winzip.
5. Restart IIS.

1. Stop Internet Information Server (IIS).
2. Run Winzip or your favorite zip utility and open ServletExec30.jar in the C:\Program Files\ew atlanta\servletexec ISAPI\lib directory.
3. Delete UploadServlet.class.
4. Save ServletExec30.jar back to its original location and exit Winzip.
5. Restart IIS.