
Security vulnerabilities in the Joomla software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: O
  • Categories: ALL, W03, WN7, VIS, W08, HPQ, LRH, LDE, LSU, FBS, LFE, LGE, LUB, APL, LMV, WN8, W12

Security Centre

///////////////////////////////////////////
[20150602] – Core – CSRF Protection

Posted: 03 Jul 2015 02:10 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/rnWVOQvQFXo/618-20150602-core-remote-code-execution.html?utm_source=feedburner&utm_medium=email

Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.2.0 through 3.4.1
Exploit type: CSRF Protection
Reported Date: 2015-April-06
Fixed Date: 2015-June-30
CVE Number: tbd

Description
Lack of CSRF checks potentially enabled uploading malicious code.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.4.1
Solution
Upgrade to version 3.4.2
Contact
The JSST at the Joomla! Security Center.
Reported By: Eric Flokstra
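The advisory above only says that a missing CSRF check on an upload handler let a forged request store attacker-chosen files. The following PHP is an added example, not Joomla project code, showing the shape of the defence: a per-session token that every state-changing form carries and that the handler verifies before it touches the upload. The session is modelled as a plain array so the snippet runs from the command line; the file names and token values are constructed. In Joomla itself the same roles are filled by `JHtml::_('form.token')` in the form and `JSession::checkToken()` in the controller.

```php
<?php
// Added example (not Joomla project code): a per-session anti-CSRF token that gates a
// file-upload handler, with the unguarded handler shown beside it for contrast.
// The session is modelled as a plain array so the example runs from the command line.
declare(strict_types=1);

const CSRF_SESSION_KEY = 'csrf_token';

/** Create the token once per session (32 random bytes, hex-encoded) and return it. */
function csrfToken(array &$session): string
{
    if (empty($session[CSRF_SESSION_KEY])) {
        $session[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_SESSION_KEY];
}

/** Hidden field for every state-changing form; a page on another origin cannot read it. */
function csrfField(array &$session): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8') . '">';
}

/** Constant-time comparison of the submitted token with the session token. */
function csrfCheck(array $session, array $post): bool
{
    $expected = $session[CSRF_SESSION_KEY] ?? '';
    $given    = $post['csrf_token'] ?? '';
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

/** Vulnerable shape: any POST carrying the victim's session cookie reaches the upload logic. */
function handleUploadVulnerable(array $files): string
{
    return isset($files['upload']) ? 'stored ' . $files['upload']['name'] : 'no file';
}

/**
 * Hardened shape: the token gate runs before the upload is touched. A real handler would
 * answer HTTP 403 here, and must still validate the file's type and name afterwards:
 * the token proves the request came from the site's own form, nothing about the file.
 */
function handleUploadHardened(array $session, array $post, array $files): string
{
    if (!csrfCheck($session, $post)) {
        return 'rejected: missing or invalid CSRF token';
    }
    return handleUploadVulnerable($files);
}

// Constructed simulation: one session, one upload, three kinds of request.
$session  = [];
$formHtml = csrfField($session);   // the genuine form carries this field
$files    = ['upload' => ['name' => 'report.pdf', 'tmp_name' => '/tmp/phpAbc123']];
$requests = [
    'legitimate form' => ['csrf_token' => $session[CSRF_SESSION_KEY]],
    'cross-site POST' => [],                                   // forged request: no token at all
    'guessed token'   => ['csrf_token' => str_repeat('0', 64)],
];
foreach ($requests as $label => $post) {
    printf("%-16s vulnerable: %-18s hardened: %s\n", $label,
        handleUploadVulnerable($files), handleUploadHardened($session, $post, $files));
}
```

Run it with `php csrf_upload.php`; only the request that carries the session's own token reaches the upload logic in the hardened handler, while the vulnerable handler stores the file for all three. The token must be generated from a cryptographic source and compared with `hash_equals`, and the check belongs at the top of every handler that changes state, not only the upload one.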

///////////////////////////////////////////
[20150601] – Core – Open Redirect

Posted: 03 Jul 2015 02:04 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/5Ml2wA_edLI/617-20150601-core-open-redirect.html?utm_source=feedburner&utm_medium=email

Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.0.0 through 3.4.1
Exploit type: Open Redirect
Reported Date: 2015-June-01
Fixed Date: 2015-June-30
CVE Number: tbd

Description
Inadequate checking of the return value allowed redirection to an external
page.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.4.1
Solution
Upgrade to version 3.4.2
Contact
The JSST at the Joomla! Security Center.
Reported By: Sharath Unni and Steven Sweeting
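The open-redirect advisory comes down to a return URL being trusted without checking that it points back into the site. The PHP below is an added example, not Joomla project code, of the validation a redirect should perform: it accepts site-relative paths and http(s) URLs on the site's own host, and rejects the usual ways of smuggling a foreign host past a naive check. The host `good.example` and all input URLs are constructed; the base64-encoded `return` parameter it decodes follows the convention Joomla's login form uses, and Joomla's own helper for this check is `JUri::isInternal()`.

```php
<?php
// Added example (not Joomla project code): validate a user-supplied return URL before
// redirecting to it, so a crafted link cannot bounce a logged-in user to another site.
// Assumes the site is served at the hypothetical host good.example.
declare(strict_types=1);

/**
 * True only if $url points back into the site at $siteHost.
 * Accepted: site-relative paths ("/index.php?...") and http(s) URLs whose host is exactly $siteHost.
 * Rejected: other hosts, scheme-relative "//host/...", non-http schemes (javascript:, data:),
 * userinfo ("good.example@evil.example"), and backslashes or control characters, which
 * browsers may normalise into a different host than parse_url() reports.
 */
function isInternalReturnUrl(string $url, string $siteHost): bool
{
    if ($url === '' || strlen($url) > 2048) {
        return false;
    }
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return false;
    }
    if (substr($url, 0, 2) === '//') {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    if (!isset($parts['scheme'])) {
        // Relative reference: allow only a site-relative path with no host component.
        return !isset($parts['host']) && isset($parts['path']) && $parts['path'][0] === '/';
    }
    if (!isset($parts['host'])) {
        return false;
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false;
    }
    // The port is deliberately not compared; add that check if the site runs on a non-default port.
    return strtolower($parts['host']) === strtolower($siteHost);
}

/**
 * Decode a base64 "return" parameter and fall back to the site root whenever the
 * decoded value fails the check above, instead of redirecting to whatever was supplied.
 */
function safeRedirectTarget(?string $encodedReturn, string $siteHost): string
{
    $decoded = $encodedReturn === null ? '' : (string) base64_decode($encodedReturn, true);
    return isInternalReturnUrl($decoded, $siteHost) ? $decoded : '/';
}

// Constructed inputs with the expected verdict for a site at good.example.
$cases = [
    '/index.php?option=com_users&view=profile' => true,
    'https://good.example/index.php'           => true,
    'HTTP://GOOD.EXAMPLE/'                     => true,
    'https://evil.example/'                    => false,
    '//evil.example/'                          => false,
    'https://good.example@evil.example/'       => false,
    'http://good.example.evil.example/'        => false,
    'javascript:alert(1)'                      => false,
    "/\\evil.example"                          => false,
];
foreach ($cases as $url => $expected) {
    $verdict = isInternalReturnUrl($url, 'good.example');
    printf("%-45s %s\n", $url, $verdict === $expected ? 'as expected' : 'MISMATCH');
}
echo safeRedirectTarget(base64_encode('https://evil.example/'), 'good.example'), "\n";
```

The design choice worth noting is the fallback: when the return value fails validation the user is sent to the site root rather than to a partially sanitised version of the input, so there is no second parser whose view of the URL could differ from the browser's. Comparing the host by exact, case-insensitive equality (not by prefix or substring) is what defeats the `good.example.evil.example` and userinfo variants.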



Author: Marijo Plepelic
CERT ID: NCERT-REF-2015-07-0008-ADV
CVE: CERT-CVE-DUMMY
Original ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/