EDB-43874
webappsaspx
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload
CVE-2017-11357CVE-2017-11317
Paul Taylor1/24/2018
CISA已知被利用漏洞
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
所需操作:
Apply updates per vendor instructions.
截止日期:
2022-05-02
描述
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
AI分析AI驱动
受影响产品
telerikui_for_asp.net_ajax
telerikui_for_asp.net_ajax
2017.2.503
telerikui_for_asp.net_ajax
2017.2.621
可用漏洞利用 (1)
参考资料
- http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.htmlExploitThird Party AdvisoryVDB Entry
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-uploadMitigationVendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006Third Party Advisory
- https://www.exploit-db.com/exploits/43874/ExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.htmlExploitThird Party AdvisoryVDB Entry
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-uploadMitigationVendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006Third Party Advisory
- https://www.exploit-db.com/exploits/43874/ExploitThird Party AdvisoryVDB Entry
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11317