7.5

CVE-2017-17762

Exploit
XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EpiserverEpiserver Version <= 7
EpiserverEpiserver Version7
EpiserverEpiserver Version7 Updatepatch_1
EpiserverEpiserver Version7 Updatepatch_2
EpiserverEpiserver Version7 Updatepatch_3
EpiserverEpiserver Version7 Updatepatch_4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.47% 0.93
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://kryptera.se/sarbarhet-i-episerver/
Third Party Advisory
Exploit
Mitigation