CVE-2017-15280
Summary
| CVE | CVE-2017-15280 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-10-12 08:29:00 UTC |
| Updated | 2017-10-25 12:53:00 UTC |
| Description | XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs. |
Risk And Classification
Problem Types: CWE-611
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Umbraco | Umbraco CMS | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| U4-10506 Importing a specially crafted document type file can cause X… · umbraco/Umbraco-CMS@5dde2ef · GitHub | CONFIRM | github.com | Patch, Third Party Advisory |
| U4-10506 - Importing a specially crafted document type file can cause XXE attack | CONFIRM | issues.umbraco.org | Issue Tracking, Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.