CVE-2023-53934
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
A denial of service vulnerability in Kentico Xperience allows attackers to launch DoS attacks via specially crafted requests to the GetResource handler. Improper input validation enables remote attackers to potentially disrupt service availability through maliciously constructed requests.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Kentico | Xperience | 0 <= 12.0.98 | affected |
Weaknesses
- CWE-97: Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://devnet.kentico.com/download/hotfixes
- https://www.vulncheck.com/advisories/kentico-xperience-getresource-handler-denial-of-service
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.