CVE-2017-17762 - XXE Vulnerability in Episerver

From: Jonas Lejon <jonas.bugtraq@triop.se>
To: bugtraq@securityfocus.com
Cc:
Subject: CVE-2017-17762 - XXE Vulnerability in Episerver
Date:

Attachments:
episploit.py

About
==============
Blind (XXE) XML External Entity vulnerability in the CMS Episerver 7
patch 4 and below. The vulnerability is in the blog module and can be
used even if the blog module has been disabled.

Exploit
==============
PoC exploit attached.

Mitigations
==============
Disable access to the path /util/xmlrpc/Handler.ashx
Disable outgoing access from the webserver, including DNS etc.

Disclosure timeline
==============
2017-12-12 Contacting CERT-SE
2017-12-13 Contacting the Episerver company
2017-12-19 CVE-number reserved
2017-12-21 The Episerver VP R&D acknowledges the vulnerability.
Internal bug number is #128556 and he writes that it's fixed from
Episerver 7-patch 5
2018-08-28 First public info


Regards,
Jonas Lejon
Triop AB




Copyright © 1995-2018 LinuxRocket.net. All rights reserved.