CVE-2017-15280

Опубликовано: 12 окт. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs.

Ссылки

http://issues.umbraco.org/issue/U4-10506
Issue Tracking
Patch
Vendor Advisory
https://github.com/umbraco/Umbraco-CMS/commit/5dde2efe0d2b3a47d17439e03acabb7ea2befb64
Patch
Third Party Advisory
http://issues.umbraco.org/issue/U4-10506
Issue Tracking
Patch
Vendor Advisory
https://github.com/umbraco/Umbraco-CMS/commit/5dde2efe0d2b3a47d17439e03acabb7ea2befb64
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*

Версия до 7.7.2 (включая)

EPSS

Процентиль: 41%

0.00193

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-h2vq-7gf2-qw9v