cvelist/2012/5xxx/CVE-2012-5357.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "cve@mitre.org",
      "ID" : "CVE-2012-5357",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "n/a",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "n/a"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "n/a"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "n/a"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "https://technet.microsoft.com/library/security/msvr12-016",
            "refsource" : "MISC",
            "url" : "https://technet.microsoft.com/library/security/msvr12-016"
         },
         {
            "name" : "https://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/",
            "refsource" : "MISC",
            "url" : "https://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/"
         },
         {
            "name" : "https://www.rapid7.com/db/modules/exploit/windows/http/ektron_xslt_exec",
            "refsource" : "MISC",
            "url" : "https://www.rapid7.com/db/modules/exploit/windows/http/ektron_xslt_exec"
         },
         {
            "name" : "http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm",
            "refsource" : "CONFIRM",
            "url" : "http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm"
         }
      ]
   }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
			`"CVE_data_meta" : {`
			`"ASSIGNER" : "cve@mitre.org",`
			`"ID" : "CVE-2012-5357",`
- Synchronized data. 2017-10-30 10:06:23 -04:00			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "n/a",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "n/a"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "n/a"`
			`}`
			`]`
			`}`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
- Synchronized data. 2017-10-30 10:06:23 -04:00			`"value" : "Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "n/a"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://technet.microsoft.com/library/security/msvr12-016",`
			`"refsource" : "MISC",`
- Synchronized data. 2017-10-30 10:06:23 -04:00			`"url" : "https://technet.microsoft.com/library/security/msvr12-016"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/",`
			`"refsource" : "MISC",`
- Synchronized data. 2017-10-30 10:06:23 -04:00			`"url" : "https://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://www.rapid7.com/db/modules/exploit/windows/http/ektron_xslt_exec",`
			`"refsource" : "MISC",`
- Synchronized data. 2017-10-30 10:06:23 -04:00			`"url" : "https://www.rapid7.com/db/modules/exploit/windows/http/ektron_xslt_exec"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm",`
			`"refsource" : "CONFIRM",`
- Synchronized data. 2017-10-30 10:06:23 -04:00			`"url" : "http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
			`]`
			`}`
			`}`