CVE-2009-1088

Published: 25/03/2009 Updated: 10/10/2018
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
VMScore: 905
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Hannon Hill Cascade Server 5.7 and other versions allows remote authenticated users to execute arbitrary programs or Java code via a crafted XSLT stylesheet with "extension elements and extension functions" that trigger code execution by Xalan-Java, as demonstrated using xalan://java.lang.Runtime.

Vulnerable Product

hannonhill cascade 5.7

Exploits

Emory University UTS Security Advisory EMORY-2009-01

Topic: Command Execution in Hannon Hill Cascade Server
Original release date: March 19, 2009

SUMMARY
=======

Hannon Hill's Cascade Server product is vulnerable to a command execution vulnerability. An attacker with access to an unprivileged account within Cascade Server could exploit this vul ...