CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-17762

XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 69.4%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://gist.github.com/jonaslejon/5f92779848360a1a1e676af0795bd9aa
https://kryptera.se/sarbarhet-i-episerver/
https://gist.github.com/jonaslejon/5f92779848360a1a1e676af0795bd9aa
https://kryptera.se/sarbarhet-i-episerver/

Products affected by CVE-2017-17762

Episerver » Episerver » Version: 7

cpe:2.3:a:episerver:episerver:7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-17762

Products

Pricing

Contact Us