PT-2018-9578 · Esigate · Esigate

Benoit Côté-Jodoin +1 · Published 2018-12-20 · Updated 2019-01-07 · CVE-2018-1000854

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

esigate version 5.2 and earlier

Description

esigate does not properly neutralize special elements in output used by a downstream component, which can lead to remote code execution. Exploitation relies on another weakness in the backend application to reflect ESI directives.

Recommendations

For esigate versions 5.2 and earlier, update to version 5.3 to resolve the issue.

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2018-1000854
GHSA-HJM9-576Q-399P

Affected Products

Esigate