CMS.Made.Simple.Web.Server.Cache.Poisoning
Description
This indicates an attack attempt to exploit a Cache Poisoning vulnerability in CMS Made Simple.
This vulnerability is due to improper validation of HTTP requests when the smarty cache option is enabled. A remote unauthenticated attacker can insert malicious content in a CMS Made Simple installation by poisoning the web server cache when Smarty Cache is activated by modifying the Host HTTP Header in his request.
Affected Products
CMS Made Simple Team CMS Made Simple prior to 1.12.2
CMS Made Simple Team CMS Made Simple prior to 2.1.3
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/
http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |