Web Attack: Telerik UI Arbitrary File Upload CVE-2017-11317

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit an arbitrary file upload vulnerability in Telerik UI.

Additional Information

Telerik UI for ASP.NET AJAX is prone to an arbitrary file-upload vulnerability. Specifically, this issue occurs due to weak 'RadAsyncUpload' encryption in 'Telerik.Web.UI'. An attacker can exploit this issue to perform arbitrary file uploads or execute arbitrary code.

An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application or privilege escalation.

Affected

  • Versions prior to Telerik UI for ASP.NET AJAX 2017.2.711 and 2017.1.118 are vulnerable.