PT-2017-8775 · Automated Logic+1 · Liebert Sitescan Web+2
Evgeny Ermakov · Published 2017-08-31 · Updated 2021-07-27 · CVE-2016-5795
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Automated Logic Corporation (ALC) Liebert SiteScan Web versions 6.5 and prior
ALC WebCTRL versions 6.5 and prior
Carrier i-Vu versions 6.5 and prior
Description
An issue was discovered that allows an attacker to enter malicious input through a weakly configured XML parser, causing the application to execute arbitrary code or disclose file contents from a server or connected network.
Recommendations
For ALC Liebert SiteScan Web versions 6.5 and prior, consider disabling the XML parser until a patch is available.
For ALC WebCTRL versions 6.5 and prior, restrict access to the XML parsing functionality to minimize the risk of exploitation.
For Carrier i-Vu versions 6.5 and prior, avoid using weakly configured XML parsers in the application until the issue is resolved.
Fix
XXE
Weakness Enumeration
Related Identifiers
Affected Products
Liebert Sitescan Web
Webctrl
I-Vu