CVE-2012-5358

Published: Oct 30, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data.

Affected (1)

Products: Ektron: Ektron Content Management System

1 product

Ektron Content Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ektron Ektron Content Management System	Up to 8.02

Related CWEs

References (6)

http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://technet.microsoft.com/library/security/msvr12-016

Source: cve@mitre.org

Issue TrackingRelease NotesThird Party Advisory

https://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://technet.microsoft.com/library/security/msvr12-016

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingRelease NotesThird Party Advisory

https://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.