Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html | Exploit Third Party Advisory VDB Entry |
http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload | Mitigation Vendor Advisory |
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006 | Third Party Advisory |
https://www.exploit-db.com/exploits/43874/ | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
03 Jul 2024, 13:16
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006 - Third Party Advisory | |
References | () https://www.exploit-db.com/exploits/43874/ - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2017-08-23 17:29
Updated : 2024-07-03 13:16
NVD link : CVE-2017-11317
Mitre link : CVE-2017-11317
CVE.ORG link : CVE-2017-11317
JSON object : View
Products Affected
telerik
- ui_for_asp.net_ajax
CWE
CWE-326
Inadequate Encryption Strength