CVE-2015-0923
published 2015-02-14


Priority: P346 | Severity: medium | Score: 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 22.03% (97.4th percentile)
The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue.

Affected

3 ranges
Vendor | Product | Version range | Fixed in
ektron | ektron_content_management_system | |
ektron | ektron_content_management_system | |
ektron | ektron_content_management_system | |

Detection & IOCs (extracted from sources)

path: Workarea/ServerControlWS.asmx
  • Monitor HTTP requests targeting the ContentBlockEx method at the Workarea/ServerControlWS.asmx endpoint; payloads will include an XML document passed via the `xslt` parameter containing an external entity declaration (DOCTYPE with ENTITY referencing an external or local resource).
  • The vulnerability is exploitable without authentication and executes in the context of IIS; alert on unauthenticated SOAP/HTTP POST requests to ServerControlWS.asmx invoking ContentBlockEx.
  • Scope detection to Ektron CMS versions 8.5, 8.7 (up to sp1), and 9.0 (before sp1); these are the confirmed vulnerable version ranges.
  • The XXE and RCE vulnerabilities affect multiple operations within ServerControlWS.asmx, not solely ContentBlockEx; broader coverage of the web service endpoint is warranted.
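
One way to turn the monitoring guidance above into a triage rule, as an added example that is not from the advisory or from Ektron: it grades POST requests to the endpoint and decodes URL- and XML-escaped bodies before looking for DTD markup. The request record fields (`method`, `path`, `authenticated`, `body`) and all sample records are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import unquote_plus

ENDPOINT = "workarea/servercontrolws.asmx"          # path named in the advisory
DTD = re.compile(r"<!\s*(?:DOCTYPE|ENTITY)\b", re.I)  # markup a normal SOAP call never needs

def normalize(body):
    """Peel up to three layers of URL- and XML-escaping so encoded markup still matches."""
    for _ in range(3):
        decoded = html.unescape(unquote_plus(body))
        if decoded == body:
            break
        body = decoded
    return body

def triage(req):
    """Return 'high', 'medium', 'low' or None for one request record.
    The record keys used here are an assumed log schema, not a product format."""
    path = req["path"].lower()
    if req["method"].upper() != "POST" or ENDPOINT not in path:
        return None
    body = normalize(req.get("body", ""))
    if DTD.search(body):
        return "high"    # DOCTYPE/ENTITY declaration sent to the web service
    if "contentblockex" in (path + body).lower() and not req.get("authenticated"):
        return "medium"  # unauthenticated call to the method named in the CVE
    return "low"         # other POSTs: the page notes other operations are affected too

# Constructed sample records, not captured traffic; PLACEHOLDER stands in for a resource.
ESCAPED = "&lt;!DOCTYPE x [&lt;!ENTITY e SYSTEM &quot;PLACEHOLDER&quot;&gt;]&gt;"
SAMPLES = [
    {"method": "GET", "path": "/Workarea/ServerControlWS.asmx?WSDL", "body": ""},
    {"method": "POST", "path": "/WorkArea/ServerControlWS.asmx", "authenticated": False,
     "body": "<ContentBlockEx><xslt>" + ESCAPED + "</xslt></ContentBlockEx>"},
    {"method": "POST", "path": "/Workarea/ServerControlWS.asmx/ContentBlockEx",
     "authenticated": False, "body": "xslt=%253C%2521DOCTYPE+x+%255B%255D%253E"},
    {"method": "POST", "path": "/Workarea/ServerControlWS.asmx", "authenticated": False,
     "body": "<ContentBlockEx><xslt></xslt></ContentBlockEx>"},
    {"method": "POST", "path": "/Workarea/ServerControlWS.asmx", "authenticated": True,
     "body": "<OtherOperation/>"},
    {"method": "POST", "path": "/other/page.aspx", "body": "<!DOCTYPE x []>"},
]

def triage_all():
    return [triage(r) for r in SAMPLES]

if __name__ == "__main__":
    for record, grade in zip(SAMPLES, triage_all()):
        print(grade, record["method"], record["path"])
```

Scope the rule to hosts running the affected Ektron versions, and treat the "low" grade as a baseline feed rather than an alert.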