CVE-2015-0931

General

Score: 6.8/10.0
Severity: Medium
Category: Input Validation Error

Impact Metrics

Confidentiality: Partial
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Medium
Authentication: None

Published on 14/02/15 - Updated on 17/02/15

Description

Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue.

Category: Input Validation Error

CWE-74 (Injection)
The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Security Notices

US National Vulnerability Database: CVE-2015-0931

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor: ektron
Product: ektron_content_management_system
