Description
XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx.
References
- Exploit, Third Party Advisory
- Exploit, Mitigation, Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Mitigation, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 7
One of
cpe:2.3:a:episerver:episerver:*:*:*:*:*:*:*:*
cpe:2.3:a:episerver:episerver:7:*:*:*:*:*:*:*
cpe:2.3:a:episerver:episerver:7:patch_1:*:*:*:*:*:*
cpe:2.3:a:episerver:episerver:7:patch_2:*:*:*:*:*:*
cpe:2.3:a:episerver:episerver:7:patch_3:*:*:*:*:*:*
cpe:2.3:a:episerver:episerver:7:patch_4:*:*:*:*:*:*
EPSS
Percentile: 93%
0.10472
Medium
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-611
Related vulnerabilities
CVSS3: 7.5
github
more than 3 years ago
XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx.