Umbraco CMS 'url' Parameter Open Proxy Vulnerability
| Bugtraq ID: | 52912 |
| Class: | Configuration Error |
| CVE: | CVE-2012-1301 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 05 2012 12:00AM |
| Updated: | Apr 05 2012 12:00AM |
| Credit: | Florent Daigniere |
| Vulnerable: | Umbraco Umbraco CMS 4.7 |
| Not Vulnerable: | |
Discussion
Umbraco CMS is prone to an open proxy vulnerability because of an insecure default configuration.
A remote attacker may exploit this condition in order to launch attacks against local and public services in the context of the site hosting the vulnerable script.
Umbraco CMS 4.7 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can exploit this issue with readily available tools.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Umbraco CMS Homepage (Umbraco)
- [MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in (Florent Daigniere)