CVE-2009-4367

Published Dec 21, 2009

Last updated 6 years ago

Overview

Description: The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sitecore:staging_module:*:080625:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE7E318B-E8F9-4C7C-AA94-37CBFE146882",
            "versionEndIncluding": "5.4.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References