PT-2017-8775 · Automated Logic+1 · Liebert Sitescan Web+2
Evgeny Ermakov · Published 2017-08-31 · Updated 2021-07-27
·
CVE-2016-5795
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Automated Logic Corporation (ALC) Liebert SiteScan Web versions 6.5 and prior
ALC WebCTRL versions 6.5 and prior
Carrier i-Vu versions 6.5 and prior
Description
An issue was discovered that allows an attacker to enter malicious input through a weakly configured XML parser, causing the application to execute arbitrary code or disclose file contents from a server or connected network.
Recommendations
For ALC Liebert SiteScan Web versions 6.5 and prior, consider disabling the XML parser until a patch is available.
For ALC WebCTRL versions 6.5 and prior, restrict access to the XML parsing functionality to minimize the risk of exploitation.
For Carrier i-Vu versions 6.5 and prior, avoid using weakly configured XML parsers in the application until the issue is resolved.
Fix
XXE
Affected Products
Liebert SiteScan Web
WebCTRL
i-Vu