Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart. All RadChart versions were affected. To avoid this vulnerability, you must remove RadChart's HTTP handler from a web.config (its type is Telerik.Web.UI.ChartHttpHandler).
El salto de ruta en RadChart en la interfaz de usuario de Telerik para ASP.NET AJAX permite a un atacante remoto leer y eliminar una imagen con extensión .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF o .WMF en el servidor por medio de una petición especialmente diseñada. NOTA: RadChart fue descontinuada en 2014 a favor de RadHtmlChart. Todas las versiones de RadChart se vieron afectadas. Para impedir esta vulnerabilidad, debe eliminar el controlador HTTP de RadChart de un archivo web.config (su tipo es Telerik.Web.UI.ChartHttpHandler).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
AV:N/AC:L/Au:N/C:P/I:P/A:P
| Access Vector | NETWORK |
|---|---|
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-22
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| progress | telerik_ui_for_asp.net_ajax | - | <built-in method update of dict object at 0x72a9cc777a80> | Application |
| telerik | radchart | * | <built-in method update of dict object at 0x72a9b0aa7200> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:telerik:radchart:*:*:*:*:*:*:*:* |