|
Description
|
|
A vulnerability was reported in the ExtJS framework.
A remote attacker could exploit it via a specially crafted URL in order to read arbitrary file and request internal http services.
This vulnerability is exploitable via the "feed" parameter of the "extjs/5.0.0/examples/feed-viewer/feed-proxy.php" page.
Updated, 26/05/2015:
A proof of concept is available.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
ExtJS (Sencha)
|
|
|
|
|
|
Solution
|
|
No solution for the moment.
|
|
|
|
|
|
CVE
|
|
|
|
|
|
|
|
References
|
|
- Twitter : hisengberg @Sencha hello ! I have a high-risk vulnerability of extjs
What should I do
email ?
https://twitter.com/hisengberg/status/577698146504998912
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
