PT-2018-9578 · Esigate · Esigate

Benoit Côté-Jodoin

+1

·

Publicado

2018-12-20

·

Atualizado

2019-01-07

·

CVE-2018-1000854

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions esigate version 5.2 and earlier
Description The issue concerns a problem with the neutralization of special elements in output used by a downstream component, which can lead to remote code execution. This is exploitable via the use of another weakness in the backend application to reflect ESI directives.
Recommendations For esigate versions 5.2 and earlier, update to version 5.3 to resolve the issue.

Correção

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74

Identificadores relacionados

CVE-2018-1000854
GHSA-HJM9-576Q-399P

Produtos afetados

Esigate