The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-10-30T14:00:00
Updated: 2024-08-06T21:05:46.691Z
Reserved: 2012-10-10T00:00:00
Link: CVE-2012-5358
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-10-30T14:29:00.297
Modified: 2024-11-21T01:44:35.157
Link: CVE-2012-5358
Redhat
No data.