Sitecore XP and CMS File Download Vulnerability via Known Path

Vulnerability

A file download vulnerability has been identified in Sitecore Experience Platform (XP) versions prior to 8.0 Initial Release (rev. 141212) and in Sitecore Content Management System (CMS) versions prior to 7.2 Update-3 (rev. 141226) and prior to 7.5 Update-1 (rev. 150130). The vulnerability allows an attacker to download files located under the web root of the site by requesting a specially crafted URL, provided the file name is already known. Files with the .config, .aspx, and .cs extensions cannot be downloaded this way. Notably, this issue does not permit directory browsing, so the attacker must know the path in advance.

Impact

Exploitation of this vulnerability could lead to unauthorized file downloads, potentially allowing attackers to access sensitive information or application files.

Remediation

Users can upgrade to Sitecore XP 8.0 Initial Release (rev. 141212), Sitecore CMS 7.5 Update-1 (rev. 150130), or Sitecore CMS 7.2 Update-3 (rev. 141226). For versions not covered by these updates, Sitecore provides a dedicated patch (Sitecore.Support.424428) that can be installed instead. Instructions for applying this patch are available in the Sitecore Support Knowledge Base.
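The remediation text above gives three branch-specific fixed revisions plus a support patch for everything else, which makes a version check fiddly to do by hand across an estate of Sitecore instances. The following is an added example, not code from Sitecore or from this advisory, that encodes the fixed revisions stated above and reports whether a given installation still needs the upgrade or the Sitecore.Support.424428 patch. It assumes a version string of the form "7.2 rev. 141226" (with an optional "Update-N" token, as used on this page); the sample version strings in the usage section are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Fixed revisions from the advisory, keyed by (major, minor) branch.
FIXED_REVISIONS = {
    (7, 2): 141226,  # Sitecore CMS 7.2 Update-3
    (7, 5): 150130,  # Sitecore CMS 7.5 Update-1
    (8, 0): 141212,  # Sitecore XP 8.0 Initial Release
}

SUPPORT_PATCH = "Sitecore.Support.424428"

# Assumed version string format: "<major>.<minor> [Update-N] [(]rev. NNNNNN[)]".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\s+Update-\d+)?\s*\(?rev\.?\s*(\d{6})\)?")


@dataclass(frozen=True)
class Assessment:
    affected: bool
    advice: str


def parse_version(version: str) -> tuple[int, int, int]:
    """Return (major, minor, revision) from a Sitecore version string."""
    match = _VERSION_RE.search(version)
    if not match:
        raise ValueError(f"unrecognised Sitecore version string: {version!r}")
    major, minor, revision = (int(g) for g in match.groups())
    return major, minor, revision


def assess(version: str) -> Assessment:
    """Decide whether a Sitecore install is affected by the known-path download issue."""
    major, minor, revision = parse_version(version)
    branch = (major, minor)

    # Branches with a published fixed release: compare the revision number.
    if branch in FIXED_REVISIONS:
        fixed = FIXED_REVISIONS[branch]
        if revision >= fixed:
            return Assessment(False, f"{major}.{minor} rev. {revision} already includes the fix")
        return Assessment(True, f"upgrade {major}.{minor} to rev. {fixed} or apply {SUPPORT_PATCH}")

    # Anything newer than the 8.0 Initial Release is past the fixed line.
    if branch > (8, 0):
        return Assessment(False, f"{major}.{minor} is newer than the affected releases")

    # Older branches (e.g. 7.0/7.1) have no fixed release listed; the advisory
    # points them at the support patch.
    return Assessment(True, f"no fixed release for {major}.{minor}; apply {SUPPORT_PATCH}")


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = {
        "cms-legacy": "Sitecore CMS 7.2 rev. 140526",
        "cms-patched": "Sitecore CMS 7.2 Update-3 (rev. 141226)",
        "xp-new": "Sitecore XP 8.1 rev. 151003",
        "cms-old": "Sitecore 7.1 rev. 130926",
    }
    for host, ver in inventory.items():
        result = assess(ver)
        print(f"{host:12} affected={result.affected!s:5} {result.advice}")
```

Revision numbers in Sitecore releases are date-based (YYMMDD), so a plain integer comparison within one branch is sufficient; the comparison is deliberately not made across branches, since 7.5's fix (150130) is a later date than 8.0's (141212).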

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread:         5.2
impact:         0.6
exploitability: 8.3
remediation:    7.7
relevance:      0.3
threat:         0.0
urgency:        2.9
incentive:      10.0

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.