XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs.
References
Link | Resource |
---|---|
http://issues.umbraco.org/issue/U4-10506 | Issue Tracking Patch Vendor Advisory |
https://github.com/umbraco/Umbraco-CMS/commit/5dde2efe0d2b3a47d17439e03acabb7ea2befb64 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-10-12T08:00:00
Updated: 2017-10-12T07:57:01
Reserved: 2017-10-11T00:00:00
Link: CVE-2017-15280
NVD Information
Status: Analyzed
Published: 2017-10-12T08:29:00.510
Modified: 2017-10-25T12:53:37.937
Link: CVE-2017-15280
Red Hat Information
No data.
CWE