Vulnerability Details : CVE-2015-0923
Public exploit exists!
The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue.
Vulnerability category: XML external entity (XXE) injection
Exploit prediction scoring system (EPSS) score for CVE-2015-0923
Probability of exploitation activity in the next 30 days: 77.44%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2015-0923
-
Ektron 8.5, 8.7, 9.0 XSLT Transform Remote Code Execution
Disclosure Date: 2015-02-05First seen: 2020-04-26exploit/windows/http/ektron_xslt_exec_wsEktron 8.5, 8.7 <= sp1, 9.0 < sp1 have vulnerabilities in various operations within the ServerControlWS.asmx web services. These vulnerabilities allow for RCE without authentication and execute in the context of IIS on the remote system. Authors: - catatonicprime
CVSS scores for CVE-2015-0923
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2015-0923
-
http://www.kb.cert.org/vuls/id/377644
VU#377644 - Ektron Content Management System (CMS) contains multiple vulnerabilitiesUS Government Resource
Products affected by CVE-2015-0923
- cpe:2.3:a:ektron:ektron_content_management_system:8.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ektron:ektron_content_management_system:8.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ektron:ektron_content_management_system:8.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ektron:ektron_content_management_system:8.7.0:sp1:*:*:*:*:*:*