CVE-2009-1088: CVE-2009-1088

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-1088

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Hannon Hill Cascade Server 5.7 and other versions allows remote authenticated users to execute arbitrary programs or Java code via a crafted XSLT stylesheet with "extension elements and extension functions" that trigger code execution by Xalan-Java, as demonstrated using xalan://java.lang.Runtime.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Hannonhill Cascade Server XLST处理远程命令执行漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Cascade Server是一款功能强大的web内容管理(WCM)解决方案。 Cascade Server没有限制用户可访问的某些XSLT代码，可以任何编辑XSLT样式表的用户都可以导致Cascade Server执行任意Java代码。通过使用java.lang.Runtime类，Java可以运行shell命令。尽管Cascade Server进程的权限级别还不足以完全控制主机系统，但可以控制Cascade Server。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2009-1088

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2009-1088

Please Login to view more intelligence information

http://support.hannonhill.com/browse/CSCD-4753x_refsource_MISC
https://www.exploit-db.com/exploits/8247exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/34186vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/49332vdb-entryx_refsource_XF
http://www.securityfocus.com/archive/1/501981/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2009-1088

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2009-1088

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2009-1088

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2009-1088

III. Intelligence Information for CVE-2009-1088

IV. Related Vulnerabilities

V. Comments for CVE-2009-1088

Leave a comment