Vigil@nce: Joomla, several vulnerabilities
July 2009 by Vigil@nce

An attacker can execute JavaScript code in the context of the web site, or obtain internal information on Joomla.

- Severity: 2/4
- Consequences: client access/rights
- Provenance: document
- Means of attack: 1 attack
- Ability of attacker: technician (2/4)
- Confidence: confirmed by the editor (5/5)
- Diffusion of the vulnerable configuration: high (3/3)
- Number of vulnerabilities in this bulletin: 3
- Creation date: 01/07/2009
- Revision date: 03/07/2009

IMPACTED PRODUCTS

- Joomla!

DESCRIPTION OF THE VULNERABILITY

Three vulnerabilities were announced in Joomla.

The HTTP_REFERER variable, which contains the Referer header, is not correctly filtered. An attacker can therefore mount a Cross Site Scripting attack. [grav:2/4; 20090604]

The PHP_SELF variable, which contains a fragment of the requested URL, is not correctly filtered. An attacker can therefore mount a Cross Site Scripting attack. [grav:2/4; 20090605]

Some PHP scripts do not use _JEXEC to limit their access. An attacker can therefore read their contents, in order to obtain information on internal paths. [grav:2/4; 20090606]
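
An audit sketch covering the three issues above, added here as an example and not taken from Joomla or from the bulletin: it flags PHP files that never check _JEXEC and lines that output HTTP_REFERER or PHP_SELF without HTML escaping. The function name `audit_php`, the regular expressions and the two sample files are constructed for illustration, and the per-line matching is a heuristic (a value copied into another variable before output is not tracked).

```python
import re

# Joomla's entry points define _JEXEC; scripts meant to be included are expected
# to test it first, e.g. defined('_JEXEC') or die('Restricted access');
GUARD = re.compile(r"defined\s*\(\s*['\"]_JEXEC['\"]\s*\)")
DEFINES = re.compile(r"\bdefine\s*\(\s*['\"]_JEXEC['\"]")
# Request-derived server variables named in the bulletin.
TAINTED = re.compile(r"\$_SERVER\s*\[\s*['\"](HTTP_REFERER|PHP_SELF)['\"]\s*\]")
OUTPUT = re.compile(r"\b(echo|print)\b|<\?=")
ESCAPED = re.compile(r"\b(htmlspecialchars|htmlentities)\s*\(", re.I)

def audit_php(source):
    """Return [(line_number, finding)] for one PHP file; line 0 = whole file."""
    findings = []
    # A file that neither defines nor checks _JEXEC can be requested directly.
    if not GUARD.search(source) and not DEFINES.search(source):
        findings.append((0, "no _JEXEC guard"))
    for number, line in enumerate(source.splitlines(), 1):
        match = TAINTED.search(line)
        # Heuristic: tainted variable printed on a line with no escaping call.
        if match and OUTPUT.search(line) and not ESCAPED.search(line):
            findings.append((number, "unescaped output of " + match.group(1)))
    return findings

# Constructed sample files (not real Joomla code).
SAMPLES = {
    "guarded.php": """<?php
defined('_JEXEC') or die('Restricted access');
echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
""",
    "unguarded.php": """<?php
echo '<a href="' . $_SERVER['HTTP_REFERER'] . '">Back</a>';
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
""",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        for line_no, finding in audit_php(text):
            print(f"{name}:{line_no}: {finding}")
```
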

CHARACTERISTICS

- Identifiers: 20090604, 20090605, 20090606, BID-35544, VIGILANCE-VUL-8831
- Url: http://vigilance.fr/vulnerability/Joomla-several-vulnerabilities-8831



copyright® 2007 S.I.M. Publicité