EDB-43874
webappsaspx
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload
CVE-2017-11357CVE-2017-11317
Paul Taylor1/24/2018
CVE-2017-11317
9.8CRITICALTelerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or
Publicado: 8/23/2017Atualizado: 10/22/2025
Vulnerabilidade Explorada Conhecida (CISA)
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
Ação Necessária:
Apply updates per vendor instructions.
Prazo:
2022-05-02
Descrição
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
Análise IADesenvolvido por IA
Produtos Afetados
telerikui_for_asp.net_ajax
telerikui_for_asp.net_ajax
2017.2.503
telerikui_for_asp.net_ajax
2017.2.621
Exploits Disponíveis (1)
Referências
- http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.htmlExploitThird Party AdvisoryVDB Entry
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-uploadMitigationVendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006Third Party Advisory
- https://www.exploit-db.com/exploits/43874/ExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.htmlExploitThird Party AdvisoryVDB Entry
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-uploadMitigationVendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006Third Party Advisory
- https://www.exploit-db.com/exploits/43874/ExploitThird Party AdvisoryVDB Entry
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11317