CVE-2009-4367

Sažetak

The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request.

Reference

http://osvdb.org/61147
http://secunia.com/advisories/37763
http://www.exploit-db.com/exploits/10513
http://www.securityfocus.com/archive/1/508529/100/0/threaded
http://www.securityfocus.com/bid/37388
https://exchange.xforce.ibmcloud.com/vulnerabilities/54881
https://www.sec-consult.com/files/20091217-0_sitecore_StagingModule_1.0.txt

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

10-10-2018 - 19:49

Objavljeno

21-12-2009 - 16:30