PT-2015-4979 · Ektron+1 · Ektron Content Management System+1

Matthias Kaiser · Published 2015-02-14 · Updated 2015-02-17 · CVE-2015-0931

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Ektron Content Management System (CMS) versions 8.5 through 8.7 before 8.7sp2
Ektron Content Management System (CMS) version 9.0 before sp1

Description

The issue allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue, when the Saxon XSLT parser is used.

Recommendations

For versions 8.5 through 8.7, update to 8.7sp2 or later to resolve the issue. For version 9.0, update to sp1 or later to resolve the issue.

Fix

RCE

Special Elements Injection

Weakness Enumeration

Related identifiers

CVE-2015-0931

Affected products

Ektron Content Management System
Saxon Xslt Parser