Lucene search

[email protected]CVE-2012-1826

HistoryJun 08, 2012 - 4:55 p.m.

CVE-2012-1826

2012-06-0816:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-1826

dotcms

remote execution

java code

authenticated users

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.4 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.2%

JSON

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.

Affected configurations

NVD

Node

dotcmsdotcmsMatch1.9

dotcmsdotcmsMatch1.9.2.1

CPENameOperatorVersion
dotcms:dotcmsdotcmseq1.9
dotcms:dotcmsdotcmseq1.9.2.1

CPE	Name	Operator	Version
dotcms:dotcms	dotcms	eq	1.9
dotcms:dotcms	dotcms	eq	1.9.2.1

References

dotcms.com/dotCMSVersions/

osvdb.org/82240

secunia.com/advisories/49276

www.kb.cert.org/vuls/id/898083

www.securityfocus.com/bid/53688

gist.github.com/2627440

github.com/dotCMS/dotCMS/issues/261

github.com/dotCMS/dotCMS/issues/281

Social References

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.4 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.2%

JSON

Related for CVE-2012-1826

cert1 cvelist1 nvd1 prion1 seebug1