CVE-2012-5358

{"id": "CVE-2012-5358", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-10-30T14:29:00.297", "references": [{"url": "http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://technet.microsoft.com/library/security/msvr12-016", "tags": ["Issue Tracking", "Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-19"}]}], "descriptions": [{"lang": "en", "value": "The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data."}, {"lang": "es", "value": "La funci\u00f3n XSLTCompiledTransform en Ektron Content Management System (CMS) en versiones anteriores a la 8.02 SP5 configura el XSL con enableDocumentFunction establecido como true. Esto permite que atacantes remotos lean archivos arbitrarios y, consecuentemente, omitan la autenticaci\u00f3n, modifiquen el estado de vista o provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante datos XSL manipulados."}], "lastModified": "2017-11-18T17:40:10.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ektron:ektron_content_management_system:*:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB92429C-B831-43D1-A018-54ACC8B171FD", "versionEndIncluding": "8.02"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}