Ektron CMS400.net TransformXslt Web Service Directory Traversal

medium Nessus Plugin ID 46200

Synopsis

The remote web server has an application that is susceptible to a directory traversal attack.

Description

The installed version of Ektron CMS400.net ships with a web service that processes untrusted XML data and could allow an attacker to perform XML External Entity (XXE) attacks.

Nessus was able to exploit this issue by sending a specially crafted request to the 'TransformXslt' web service and retrieving a local file.

Solution

Upgrade to Ektron CMS400.NET 7.66 SP5 or later.

See Also

https://www.westpoint.ltd.uk/advisories/wp-09-0008.txt

https://world.episerver.com/?g=posts&t=31005

https://world.episerver.com/#766sp5

Plugin Details

Severity: Medium

ID: 46200

File Name: ektron_cms400_transformxslt_dir_traversal.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 4/30/2010

Updated: 6/1/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: www/ASP, www/cms400

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 4/6/2010

Vulnerability Publication Date: 10/6/2009

Reference Information

BID: 39679

Secunia: 39547