Issues » Test pages shipped in product

Issue: SI-11
Date: Jun 7, 2013, 12:00:00 PM
Severity: Low
Requires Admin Access: No
Fix Version: 2.3.2
Credit: ENG
Description:

Testing-related application pages were found within dotCMS. Test pages are usually implemented ad-hoc and often do not adhere to the security requirements/guidelines of the rest of the application, making them a potential security hazard. Recommendations include restricting access to only those with an actual need to access the page, or if applicable, removing the information from the production server.

Mitigation:

Delete the testing pages:

./dotCMS/home/portal/test.jsp
./dotCMS/html/portlet/ext/workflows/schemes/test.jsp
References
  • https://github.com/dotCMS/dotCMS/issues/3046