Issues » Arbitrary Command Execution

Issue: SI-18
Date: Apr 21, 2014, 6:00:00 AM
Severity: Critical
Requires Admin Access: No
Fix Version: 2.5.4
Credit: it.sec GmbH & Co. KG – Hans-Martin Münch & Markus Piéton
Description:

This vulnerability allows authenticated users to view arbitrary files on the server and to execute commands on the system as the user that is running dotCMS. This can lead to a full compromise of the server if the dotCMS application is running under a highly privileged user account.

Mitigation:

Customers should use a web application firewall that blocks external access to the dotCMS administrative tooling. Such a firewall also blocks external access to .jsp files and other URLs in the system that can be exploited. It can additionally attempt to filter any requests that try to exploit XSS vulnerabilities in a customer’s implementation. We generally recommend using a firewall in this way.
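As an added illustration of the access-control rule recommended above (this is example code written for this page, not dotCMS's own code and not a real WAF product), the following Python policy check denies requests for `.jsp` resources and for an assumed administrative prefix unless the client address falls inside a trusted network. The prefix `/admin-tooling` and the trusted CIDR ranges are placeholders to be replaced with the real values of a deployment. The check normalizes the request path first (percent-decoding, `..` segments, and servlet-style `;` path parameters), because a rule that only compares the raw string is easy to get wrong; the log lines at the bottom are constructed sample input.

```python
import ipaddress
import posixpath
from urllib.parse import unquote, urlsplit

# Placeholder values (assumptions, not dotCMS's real layout): the URL prefix of
# the administrative tooling and the networks allowed to reach it.
ADMIN_PREFIXES = ("/admin-tooling",)
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def normalize_path(raw_target: str) -> str:
    """Reduce a request target to a canonical, lower-cased path.

    Steps: drop query string, percent-decode, strip ';param' suffixes that
    servlet containers accept on each segment, collapse '.' and '..'.
    """
    path = unquote(urlsplit(raw_target).path)
    path = "/".join(segment.split(";", 1)[0] for segment in path.split("/"))
    path = posixpath.normpath(path)
    if not path.startswith("/"):
        path = "/" + path
    return path.lower()


def is_restricted_path(raw_target: str) -> bool:
    """True for JSPs and anything under the administrative prefix."""
    path = normalize_path(raw_target)
    if path.endswith(".jsp"):
        return True
    return any(path == p or path.startswith(p + "/") for p in ADMIN_PREFIXES)


def allow_request(client_ip: str, raw_target: str) -> bool:
    """Allow public paths for everyone; restricted paths only from trusted nets.

    An unparsable client address is treated as untrusted (fail closed).
    """
    if not is_restricted_path(raw_target):
        return True
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_NETWORKS)


def evaluate(log_lines):
    """Apply the policy to 'client_ip METHOD target' lines; return decisions."""
    decisions = []
    for line in log_lines:
        client_ip, _method, target = line.split(maxsplit=2)
        verdict = "allow" if allow_request(client_ip, target) else "deny"
        decisions.append((client_ip, target, verdict))
    return decisions


# Constructed sample traffic (not real logs): internal admin use, public page
# views, and three externally sourced requests for restricted resources.
SAMPLE_LOG = [
    "10.1.2.3 GET /admin-tooling/index",
    "203.0.113.5 GET /public/page.html",
    "203.0.113.5 GET /admin-tooling/index",
    "203.0.113.5 GET /public/..%2Fhtml%2Fpage.jsp",
    "203.0.113.5 GET /html/page.JSP;jsessionid=abc",
]

if __name__ == "__main__":
    for client_ip, target, verdict in evaluate(SAMPLE_LOG):
        print(f"{verdict:5} {client_ip:12} {target}")
```

Running the block prints one verdict per sample line: the internal admin request and the public page are allowed, while the three external requests for restricted resources are denied even though two of them disguise the `.jsp` target through encoding and a path parameter. In a real deployment the same rule would live in the firewall or reverse proxy in front of dotCMS rather than in application code, but the normalization concern is identical there.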