PT-2016-7517 · Dotcms · Dotcms
Elar Lang · Published 2016-10-28 · Updated 2016-11-28 · CVE-2016-8600
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
dotCMS version 3.2.1
Description
The issue allows an attacker to bypass the captcha check: after loading the captcha once and entering its correct value, that same value remains accepted and can be reused for subsequent submissions of forms that have a captcha check, because the solved value is not invalidated after use.
Recommendations
For dotCMS version 3.2.1, consider implementing a unique captcha for each form submission to prevent reuse of previously entered correct values. As a temporary workaround, restrict the ability to submit forms with a captcha check to minimize the risk of exploitation.
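The recommendation above (one captcha per submission, never reusable) is illustrated here with an added example that is not dotCMS code and not the vendor's fix. It contrasts a reusable check, which keeps the solved value in the session indefinitely (the behaviour class the description reports), with a single-use store in which each captcha is bound to a random token that is consumed on first use and expires after a short TTL. The class and function names, the TTL value and the sample solutions are constructed for this example.

```python
import hmac
import secrets
import time

# --- Reusable check (weak pattern): the solution stays in the session after a
# successful check, so one correct answer keeps working for later submissions.
def issue_reusable(session, solution):
    session["captcha"] = solution           # hypothetical session dict (constructed)

def verify_reusable(session, answer):
    solution = session.get("captcha")
    if solution is None:
        return False
    # nothing clears session["captcha"], so this returns True on every retry
    return hmac.compare_digest(solution.encode(), answer.encode())


# --- Single-use check (hardened pattern): each captcha gets a random token, the
# token is removed on the first verification attempt, and stale tokens expire.
class CaptchaStore:
    def __init__(self, ttl_seconds=300):      # TTL is a constructed value
        self._pending = {}                    # token -> (solution, expiry time)
        self._ttl = ttl_seconds

    def issue(self, solution, now=None):
        """Register a freshly generated captcha solution and return its token.
        The token is what the form carries; the solution stays server-side."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(16)     # unguessable per-form identifier
        self._pending[token] = (solution, now + self._ttl)
        return token

    def verify(self, token, answer, now=None):
        """Check one answer against the captcha bound to `token`.
        The entry is consumed whether or not the answer is right, so the same
        correct value cannot be replayed and a wrong guess forces a new captcha."""
        now = time.time() if now is None else now
        entry = self._pending.pop(token, None)
        if entry is None:                      # unknown, already used, or forged token
            return False
        solution, expiry = entry
        if now > expiry:                       # left open too long; discard
            return False
        return hmac.compare_digest(solution.encode(), answer.encode())


def demo():
    """Show the difference on a constructed solution: the reusable check accepts
    the same answer twice, the single-use store accepts it exactly once."""
    session = {}
    issue_reusable(session, "k7x2q")
    reusable = (verify_reusable(session, "k7x2q"), verify_reusable(session, "k7x2q"))

    store = CaptchaStore()
    token = store.issue("k7x2q", now=1000.0)
    single = (store.verify(token, "k7x2q", now=1001.0),
              store.verify(token, "k7x2q", now=1002.0))
    return reusable, single


if __name__ == "__main__":
    print(demo())   # ((True, True), (True, False))
```

In a real deployment the token would be tied to the user's session or CSRF token as well, so a captcha solved in one session cannot be presented from another; the store shown here only demonstrates the single-use and expiry properties the recommendation asks for.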
Exploit
Fix
Related identifiers
Affected products
Dotcms