Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-3042
HistoryOct 17, 2023 - 11:15 p.m.

CVE-2023-3042

2023-10-1723:15:11
CWE-20
CWE-79
[email protected]
web.nvd.nist.gov
22
dotcms
normalizationfilter
flaw
xss
access control
bypass
security
cve-2023-3042

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

16.7%

JSON

In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp , which should return a 404 response but didn’t.

The oversight in the default invalid URL character list can be viewed at the provided GitHub link https://github.com/dotCMS/core/blob/master/dotCMS/src/main/java/com/dotcms/filters/NormalizationFilter.java#L37 .

To mitigate, users can block URLs with double slashes at firewalls or utilize dotCMS config variables.

Specifically, they can use the DOT_URI_NORMALIZATION_FORBIDDEN_STRINGS environmental variable to add // to the list of invalid strings.

Additionally, the DOT_URI_NORMALIZATION_FORBIDDEN_REGEX variable offers more detailed control, for instance, to block //html.* URLs.

Fix Version:23.06+, LTS 22.03.7+, LTS 23.01.4+

Affected configurations

NVD
Node
dotcmsdotcmsMatch5.3.8
OR
dotcmsdotcmsMatch21.06
OR
dotcmsdotcmsMatch22.03
OR
dotcmsdotcmsMatch23.01

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "dotCMS core",
    "vendor": "dotCMS",
    "versions": [
      {
        "status": "affected",
        "version": "5.3.8"
      },
      {
        "status": "affected",
        "version": "21.06"
      },
      {
        "status": "affected",
        "version": "22.03"
      },
      {
        "status": "affected",
        "version": "23.01"
      }
    ]
  }
]

Related

prion 1
nvd 1
osv 1
cvelist 1
prion
prion
Design/Logic Flaw
2023-10-17 23:15:00
nvd
nvd
CVE-2023-3042
2023-10-17 23:15:11
osv
osv
CVE-2023-3042
2023-10-17 23:15:11
cvelist
cvelist
CVE-2023-3042 CNA SHORTNAME: dotCMSORG UUID: 5b9d93f2-25c7-46b4-ab60-d201718c9dd8
2023-10-17 22:52:05

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

16.7%

JSON
Related for CVE-2023-3042
prion1nvd1osv1cvelist1