CVE-2017-11466

Name of the Vulnerable Software and Affected Versions dotCMS version 4.1.1

Description The issue allows remote authenticated administrators to upload arbitrary files, including .jsp files, to any location on the server. This is achieved through directory traversal sequences in the fieldName parameter to the 'servlets/ajax file upload' endpoint. As a result, arbitrary code can be executed by requesting the uploaded .jsp file at a /assets URI.

Recommendations For dotCMS version 4.1.1, consider restricting access to the 'servlets/ajax file upload' endpoint to prevent arbitrary file uploads until a patch is available. Additionally, restrict the fieldName parameter to prevent directory traversal sequences. As a temporary workaround, consider disabling the AjaxFileUploadServlet to minimize the risk of exploitation.