CVE-2017-5965

Name of the Vulnerable Software and Affected Versions Sitecore CRM version 8.1 Rev 151207

Description The issue allows remote authenticated administrators to execute arbitrary ASP code. This can be achieved by creating a ZIP archive with a .asp file that has a .. in its pathname. The archive is then uploaded and extracted through the sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx endpoint, and the .asp file can be executed by visiting a URI under sitecore/.

Recommendations For Sitecore CRM version 8.1 Rev 151207, as a temporary workaround, consider restricting access to the UploadPackage2.aspx endpoint until a patch is available. Additionally, restrict the ability to upload ZIP archives with .. in the pathname to minimize the risk of exploitation.