Intrusion Prevention
dotCMS.CMSFilter.assets.Access.Control.Weakness
Description
This indicates an attack attempt to exploit an access control weakness vulnerability in dotCMS.
The vulnerability is due to insufficient path validation in the CMSFilter class and applies when the dotCMS installation stores its assets under Tomcat's webapps/ROOT/assets directory. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted server. Successful exploitation could allow the attacker to access restricted resources or execute arbitrary code in the security context of the target service.
Affected Products
dotCMS prior to 5.2.4
Impact
Privilege Escalation: Remote attackers can leverage their privileges on vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://dotcms.com/security/SI-54