← Back

CVE-2017-17762

nvd nistnuclei
Published: Aug 29, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx.

Affected (6)

Products: Episerver: Episerver
Episerver
1 product
Episerver
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Episerver
Episerver
Up to 7
Episerver
Version 7
Episerver
Version 7 patch_1
Episerver
Version 7 patch_2
Episerver
Version 7 patch_3
Episerver
Version 7 patch_4

Related CWEs

CWE-611
Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (4)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
ExploitMitigationThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMitigationThird Party Advisory

Timeline

No history available yet.