SonicALERT

Sonicwall Signatures

 



  Kentico CMS Insecure Deserialization

Category: WEB-ATTACKS      

An issue was discovered in Kentico before 12.0.15. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3148


Relevant Information