Full Disclosure mailing list archives
CVE-2017-17762 - XXE Vulnerability in Episerver CMS
From: Jonas Lejon <jonas.bugtraq () triop se>
Date: Wed, 12 Sep 2018 10:37:19 +0200
About ============== Blind (XXE) XML External Entity vulnerability in the CMS Episerver 7 patch 4 and below. The vulnerability is in the blog module and can be used even if the blog module has been disabled. Exploit ============== PoC exploit attached. Mitigations ============== Disable access to the path /util/xmlrpc/Handler.ashx Disable outgoing access from the webserver, including DNS etc. Disclosure timeline ============== 2017-12-12 Contacting CERT-SE 2017-12-13 Contacting the Episerver company 2017-12-19 CVE-number reserved 2017-12-21 The Episerver VP R&D acknowledges the vulnerability. Internal bug number is #128556 and he writes that it's fixed from Episerver 7-patch 5 2018-08-28 First public info Regards, Jonas Lejon Triop AB https://triop.se
Attachment:
episploit.py
Description:
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- CVE-2017-17762 - XXE Vulnerability in Episerver CMS Jonas Lejon (Sep 14)