Description

Ektron Content Management System version 8.5, 8.7, and 9.0 contain a resource injection vulnerability by using an improperly configured XML parser. By default, Ektron utilizes the Microsoft XML parser to parse XSLT documents, which is not vulnerable. If an attacker specifies use of the Saxon XSLT parser instead, and sends it a specially crafted XSLT document, the attacker may be able to run arbitrary code at the privilege level of the application.

Remediation

Upgrade to the latest version of EktronCMS. This problem was fixed with Security Update 3 (Releases 8.02 SP5 to 9.10 SP1).

References

Exploiting the hidden Saxon XSLT Parser in Ektron CMS

Security Update 3 (Releases 8.02 SP5 to 9.10 SP1)

Related Vulnerabilities

WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability (0.6.2 - 2.3.2)

Ektron CMS unauthenticated code execution and Local File Read

RCE with Spring Data Commons

Ektron CMS multiple vulnerabilities

WordPress Plugin WooCommerce Remote Code Execution (4.0.1)

Severity

High

Classification

CVE-2015-0931 CWE-78 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution