Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2) changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4) appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml, (b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml, (d) webline/html/forms/callbackICM.jhtml, (e) webline/html/agent/AgentFrame.jhtml, (f) webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml, (h) webline/html/multichatui/nowDefunctWindow.jhtml, (i) browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k) msccallme/mscCallForm.jhtml, and (l) webline/html/admin/wcs/LoginPage.jhtml components.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cisco Collaboration 服务器源代码泄露漏洞
Vulnerability Description
Cisco Collaboration 服务器存在源代码信息泄露漏洞。远程攻击者通过在多个脚本的文件名扩展名中加入编码的URL,读取JHTML脚本文件源代码。加入的编码包括:(1) 将.jhtml 改为 %2Ejhtml, (2) 将 .jhtml 改为 .jhtm%6C, (3) 在 .jhtml 之后加入%00, (4) 在 .jhtml 之后加入%c0%80 ,相关的脚本包括: (a) doc/docindex.jhtml, (b) browserId/wizardForm.jhtml, (c) w
CVSS Information
N/A
Vulnerability Type
N/A