This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Telerik First view 2017-07-03
Product Sitefinity Cms Last view 2017-07-03
Version 10.0.6401.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:telerik:sitefinity_cms

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2017-07-03 CVE-2017-9248

Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-522 Insufficiently Protected Credentials

Snort® IPS/IDS

Date Description
2019-10-08 Telerik UI cryptographic keys disclosure attempt
RuleID : 51418 - Type : SERVER-WEBAPP - Revision : 2
2019-10-08 Telerik UI cryptographic keys disclosure attempt
RuleID : 51417 - Type : POLICY-OTHER - Revision : 2

Nessus® Vulnerability Scanner

id Description
2017-06-30 Name: A web application development suite installed on the Windows remote host is a...
File: telerik_ui_for_aspnet_ajax_CVE-2017-9248.nasl - Type: ACT_GATHER_INFO