PT-2015-4973 · Ektron · Ektron Content Management System

Matthias Kaiser

Published

2015-02-14

Updated

2015-02-17

CVE-2015-0923

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ektron Content Management System (CMS) versions 8.5 through 8.7 before 8.7sp2 Ektron Content Management System (CMS) version 9.0 before sp1

Description The issue allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue.

Recommendations For Ektron Content Management System (CMS) versions 8.5 through 8.7 before 8.7sp2, update to version 8.7sp2 or later. For Ektron Content Management System (CMS) version 9.0 before sp1, update to version 9.0 sp1 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2015-0923

Affected Products

Ektron Content Management System

PT-2015-4973 · Ektron · Ektron Content Management System

CVE-2015-0923

Related Identifiers

Affected Products

References · 4