Vulnerabilities > CVE-2018-8819 - XXE vulnerability in Carrier Automatedlogic Webctrl 6.0/6.1/6.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the "X-Wap-Profile" HTTP header.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Common Weakness Enumeration (CWE)
Packetstorm
data source | https://packetstormsecurity.com/files/download/148126/webctrl-xxe.txt |
id | PACKETSTORM:148126 |
last seen | 2018-06-13 |
published | 2018-06-09 |
reporter | Darrell Damstedt |
source | https://packetstormsecurity.com/files/148126/WebCTRL-Out-Of-Band-XML-Injection.html |
title | WebCTRL Out-Of-Band XML Injection |
References
- http://packetstormsecurity.com/files/148126/WebCTRL-Out-Of-Band-XML-Injection.html
- http://packetstormsecurity.com/files/148126/WebCTRL-Out-Of-Band-XML-Injection.html
- http://seclists.org/fulldisclosure/2018/Jun/21
- http://seclists.org/fulldisclosure/2018/Jun/21
- https://hateshape.github.io/general/2018/06/07/CVE-2018-8819.html
- https://hateshape.github.io/general/2018/06/07/CVE-2018-8819.html