dotCMS CVE-2012-1826 Arbitrary Code Execution Vulnerability
BID:53688
Info
| Bugtraq ID: | 53688 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-1826 |
| Remote: | Yes |
| Local: | No |
| Published: | May 25 2012 12:00AM |
| Updated: | May 25 2012 12:00AM |
| Credit: | Ben Murphy |
| Vulnerable: | dotCMS dotCMS 2.0, dotCMS dotCMS 1.9.5.0, dotCMS dotCMS 1.6, dotCMS dotCMS 0 |
| Not Vulnerable: | dotCMS dotCMS 2.0.1, dotCMS dotCMS 1.9.5.1 |
Discussion
dotCMS is prone to an arbitrary-code-execution vulnerability.
An attacker could exploit this issue to execute arbitrary Java code in the context of the application. Failed exploits will result in a denial-of-service condition.
Versions prior to dotCMS 1.9.5.1 and 2.0.1 are vulnerable.
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the reference for more details.
References
References:
- 2.0.1 dotCMS Released (dotCMS)
- dotCMS Homepage (dotCMS)
- Vulnerability Note VU#898083 dotCMS template permissions allow arbitrary code ex (US-CERT)