Remote Code Execution (RCE) in DoD Websites
Critical
U
U.S. Dept Of Defense
Submitted None
Team Summary
Official summary from U.S. Dept Of Defense
A remote code execution (RCE) vulnerability was found on a Department of Defense (DoD) website which could have enabled an attacker to execute remote commands on the web server. @joaomatosf was able to demonstrate this vulnerability by developing a custom script that caused the webserver to execute a benign command. This was a very clever demonstration. Impressive work! Thank you for supporting the DoD Vulnerability Disclosure Program!
Actions:
Reported by
joaomatosf
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Code Injection