CVE-2017-11466 — HIGH (7.2)

Vulnerability Description

Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI.

CVSS Score

7.2

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dotcms	Dotcms	4.1.1

Related Weaknesses (CWE)

CWE-434

References

http://seclists.org/fulldisclosure/2017/Jul/33ExploitMailing ListThird Party Advisory
https://github.com/dotCMS/core/issues/12131Issue TrackingPatchThird Party Advisory
https://packetstormsecurity.com/files/143383/dotcms411-shell.txtExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2017/Jul/33ExploitMailing ListThird Party Advisory
https://github.com/dotCMS/core/issues/12131Issue TrackingPatchThird Party Advisory
https://packetstormsecurity.com/files/143383/dotcms411-shell.txtExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2017-11466?

CVE-2017-11466 is a vulnerability with a CVSS score of 7.2 (HIGH). Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via ...

How severe is CVE-2017-11466?

CVE-2017-11466 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-11466?

Check the references section above for vendor advisories and patch information. Affected products include: Dotcms Dotcms.