Issues » Directory traversal vulnerability by Admin

Issue: SI-34
Date: Apr 11, 2016, 11:30:00 AM
Severity: Medium
Requires Admin Access: Yes
Fix Version: 3.3.2, 3.5
Credit: Piaox From Pingan Product Safety Group
Description:

dotCMS provides a mechanism to "tail" a system log files via an online console.  It is possible for an Admin (Authenticated user with Admin permissions in the dotCMS system) to specify a file outside of the specified dotCMS log directory to "tail".  If the dotCMS system is being run under a ROOT account on the host machine, this can include system log files.

Mitigation:

Prevent access to the log file viewer to any authorized person.

Do not run dotCMS under the ROOT account of any host machine. 

References

https://packetstormsecurity.com/files/136635/DotCMS-3.5-Beta-Directory-Traversal.html

Highly Rated and Recommended

We're rated Excellent 4.2/5 stars on G2 - with 95+ verified reviews