Announcement: Umbraco Security Vulnerability

Umbraco CMS Unrestricted File Upload Vulnerability

Umbraco CMS Vulnerability Summary

Vendor: Umbraco
Version: Umbraco CMS v7.5.9
Release Date: 2nd June 2017

Umbraco CMS was found to be vulnerable to an unrestricted file upload flaw.

Impact of the Umbraco CMS Vulnerability

Exploiting this vulnerability enables an adversary to upload arbitrary malicious files to the underlying web server, leaving the application exposed to stored cross-site scripting (XSS) and other client-side attacks.

Umbraco CMS Vulnerability Technical Details

A number of vulnerable resources were found, showing that it was possible to circumvent the application's blacklist filtering. This filtering is intended to prevent the upload of malicious file types, for example an adversary uploading files with an arbitrary file extension.

This circumvention was achieved by appending trailing white-space to the value of the filename parameter and by using a variety of alternative extensions when submitting data to the following resources:

/umbraco/backoffice/UmbracoApi/Media/PostSave

/umbraco/backoffice/UmbracoApi/Media/PostAddFile
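The following is an added illustration of the weakness described above (a denylist check applied to an un-normalised filename, which trailing whitespace defeats) beside the allowlist approach that the vendor's own tracker entry calls for. It is example code written for this page, not Umbraco's code; the extension sets and the sample filenames are constructed assumptions.

```python
import os
import unicodedata

# Extensions a browser renders as active content; these are the types whose
# upload leads to stored XSS. A denylist of this kind is what the advisory
# describes being bypassed.
DENYLIST = {"html", "htm", "xhtml", "svg", "js"}

# Allowlist of the media types a media library actually needs (constructed set).
ALLOWLIST = {"jpg", "jpeg", "png", "gif", "pdf"}


def naive_extension(filename: str) -> str:
    """Weak approach: split on the last dot without normalising the name first."""
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def naive_denylist_check(filename: str) -> bool:
    """Accept the upload unless the raw extension is on the denylist.

    'page.xhtml ' yields the extension 'xhtml ' (with a trailing space), which is
    not in DENYLIST, so the file is accepted although the server will usually
    store and serve it as page.xhtml.
    """
    return naive_extension(filename) not in DENYLIST


def canonical_filename(filename: str) -> str:
    """Normalise before deciding anything: drop path components, apply Unicode
    compatibility normalisation, remove non-printable characters, and strip
    trailing whitespace and trailing dots."""
    name = os.path.basename(filename.replace("\\", "/"))
    name = unicodedata.normalize("NFKC", name)
    name = "".join(ch for ch in name if ch.isprintable())
    return name.strip().rstrip(". ").strip()


def hardened_allowlist_check(filename: str) -> bool:
    """Accept only if the canonical extension is on the allowlist.

    The denylist is kept as a second, independent rejection so that a later
    change to ALLOWLIST cannot accidentally admit active content.
    """
    name = canonical_filename(filename)
    if not name or "." not in name:
        return False
    ext = name.rsplit(".", 1)[-1].lower()
    return ext in ALLOWLIST and ext not in DENYLIST


def compare(filenames):
    """Return {filename: (naive_result, hardened_result)} for review."""
    return {f: (naive_denylist_check(f), hardened_allowlist_check(f)) for f in filenames}


if __name__ == "__main__":
    # Constructed sample filenames, including the trailing-whitespace variants.
    samples = ["photo.png", "photo.png ", "page.xhtml", "page.xhtml ", "page.xhtml\t", "noext"]
    for name, (naive, hardened) in compare(samples).items():
        print(f"{name!r:18} denylist-only accepts: {naive!s:5} allowlist accepts: {hardened}")
```

Extension checking of this kind is only the first layer; a media pipeline should also verify the content (for images, by decoding them), store uploads under a server-generated name, and serve them with a fixed Content-Type so that a misclassified file is never rendered as a page.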

Affected Umbraco CMS Products

The application versions affected are confirmed as:

  • Umbraco CMS v7.5.4
  • Umbraco CMS v7.5.6
  • Umbraco CMS v7.5.9

The Solution to the Umbraco CMS Vulnerability

Upgrade to Umbraco version 7.6.1

Note: Umbraco stated that the issue was fixed in version 7.5.11; Perspective Risk confirmed the fix in version 7.6.1.

Umbraco CMS Vulnerability Timetable

09/11/2016: Perspective Risk reports vulnerability to vendor

22/11/2016: Vendor releases fixed version of the application

22/11/2016: Vendor publishes advisory

03/01/2017: Perspective Risk reports second vulnerability to vendor

05/01/2017: Vendor publishes a fix

20/02/2017: Perspective Risk reports third vulnerability to vendor

22/02/2017: Vendor acknowledges third vulnerability and publishes a fix

10/05/2017: Perspective Risk confirms vendor’s fixes are implemented

Umbraco CMS Vulnerability Credits

Discovered by Kai Stimpson, Security Consultant at Perspective Risk.

Umbraco References

Reporting a security vulnerability to Umbraco

Umbraco Issue Tracker:

  • Unrestricted File Upload Vulnerability
  • Security: files of type xhtml should not be allowed to be uploaded to the media section
  • Media uploads currently use a blacklist – should add a whitelist as well for security
