Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2014-2217
Last Modified 29 Dec 2014 12:53:55
Published 25 Dec 2014 04:59:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-2217

Summary

Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value.

Vulnerable Systems

Application

  • Telerik UI for ASP.NET AJAX 2014.3.1209


References

MISC - http://itq.nl/arbitrary-file-write-in-telerik-ui-for-asp-net-ajax/


Last Updated: 27 May 2016 11:07:22