
Critical vulnerabilities pose a serious threat to Joomla sites

by Mark Stockley

Joomla, the world’s second most popular web content management system (CMS), has been under sustained attack for several days, thanks to a nasty pair of vulnerabilities disclosed last week.

Security announcements 20161001 (CVE-2016-8870) and 20161002 (CVE-2016-8869) describe how flaws in Joomla’s user registration code could allow an attacker to “register on a site when registration has been disabled” and then “register … with elevated privileges”.

If the significance of those two statements hasn’t entirely sunk in let me make it plain: taken together, the vulnerabilities can be used to unlock any site running Joomla, anywhere on the internet, with little more than a polite request detailing what you’d like to be called and how much power you want.


Alert! Joomla Security Severity: High - Core - Elevated Privileges

[20161002] - Core - Elevated Privileges

  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 3.4.4 through 3.6.3
  • Exploit type: Elevated Privileges
  • Reported Date: 2016-October-21
  • Fixed Date: 2016-October-25
  • CVE Number: CVE-2016-8869

Description

Incorrect use of unfiltered data allows for users to register on a site with elevated privileges.

Affected Installs

Joomla! CMS versions 3.4.4 through 3.6.3

Solution

Upgrade to version 3.6.4


Joomla Security: Big Hits for New Vulnerability

According to US-CERT, Joomla has just released version 3.4.7 of its open-source content management system (CMS) in an effort to lock down two new vulnerabilities, one of which could grant attackers full control of an affected website. As noted by SecurityWeek, the severity of these flaws didn’t go unnoticed: Symantec tracked an average of 16,000 hits per day attempting to exploit the issue. Here’s a rundown of what’s at risk with an unpatched Joomla install.

JOOMLA SECURITY RISKS

For almost a decade, a critical remote command execution vulnerability has existed in Joomla; versions 1.5 through 3.4.5 are affected by CVE-2015-8562. According to Ars Technica, while the Joomla security team patched the vulnerability within two days, the bug was already being exploited in the wild from IP addresses 146.0.72.83, 74.3.170.33 and 194.28.174.106. In addition, any requests whose User-Agent header contained either “JDatabaseDriverMysqli” or “O:” were likely exploitation attempts.

So what’s the big risk here? CVE-2015-8562 stems from poor filtering when Joomla saves browser session values. As detailed by Sucuri, the flaw is combined with the way MySQL handles a UTF-8 character that utf8_general_ci does not support, which truncates the stored data at a specific value; together, these make an attack that can fully compromise the server possible. Cybercriminals then use the servers as malware hosts or sell access to them for a fee on the Dark Web.
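The indicators named above (the two User-Agent strings and the three source addresses) are easy to turn into a log check a site owner can run. The following Python is an added example, not code from the article or from Joomla, Symantec or Sucuri: it parses constructed Apache combined-format log lines and flags requests that match those indicators. Because a bare “O:” also matches harmless strings, this example tightens that indicator to the `O:<digits>:` prefix that begins a PHP serialized object; that tightening is a design choice of the example, not something the article states.

```python
import re

# Apache/nginx "combined" log format; the User-Agent is the final quoted field
# and may contain escaped quotes, so it is captured greedily to the end of line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>.*)"$'
)

# Source addresses the article reports as exploiting CVE-2015-8562 in the wild.
KNOWN_SOURCES = {"146.0.72.83", "74.3.170.33", "194.28.174.106"}

# "O:" alone is too broad; a PHP serialized object starts with O:<length>:"Class",
# so this example requires the digit run and colon after "O:" (a design choice here).
SERIALIZED_OBJECT_RE = re.compile(r'O:\d+:')

# Constructed sample log lines for demonstration (not real traffic).
SAMPLE_LOG = [
    '203.0.113.10 - - [14/Dec/2015:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64)"',
    '146.0.72.83 - - [14/Dec/2015:10:01:05 +0000] "GET / HTTP/1.1" 200 5120 "-" '
    '"O:21:\\"JDatabaseDriverMysqli\\":0:{}"',
    '198.51.100.7 - - [14/Dec/2015:10:02:11 +0000] "POST /index.php HTTP/1.1" 200 900 "-" '
    '"Mozilla/5.0 O:4:\\"Evil\\":0:{}"',
    '192.0.2.44 - - [14/Dec/2015:10:03:40 +0000] "GET /about HTTP/1.1" 200 3100 "-" '
    '"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) FOO:BAR"',
]


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry):
    """Return the list of indicator names matched by one parsed log entry."""
    reasons = []
    ua = entry["ua"]
    if "JDatabaseDriverMysqli" in ua:
        reasons.append("ua:JDatabaseDriverMysqli")
    if SERIALIZED_OBJECT_RE.search(ua):
        reasons.append("ua:serialized-object")
    if entry["ip"] in KNOWN_SOURCES:
        reasons.append("ip:known-source")
    return reasons


def scan(lines):
    """Scan log lines; return (ip, user_agent, reasons) for each line matching an indicator."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # unparseable lines are skipped rather than silently matched
        reasons = classify(entry)
        if reasons:
            hits.append((entry["ip"], entry["ua"], reasons))
    return hits


if __name__ == "__main__":
    for ip, ua, reasons in scan(SAMPLE_LOG):
        print(f"{ip}  {', '.join(reasons)}  UA={ua!r}")
```

Run against a real access log by replacing `SAMPLE_LOG` with the file’s lines; the fourth sample line shows why the bare “O:” indicator is narrowed, since “FOO:BAR” would otherwise be reported.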


Vulnerable Joomla Site Owners (Servers) See 16,000 Daily Attacks

Symantec has detected up to 20,000 daily attempts to exploit a recently patched Joomla vulnerability that can be leveraged for remote code execution.

The vulnerability, identified as CVE-2015-8562, was patched in mid-December with the release of Joomla 3.4.6 and hotfixes for versions 1.5 and 2.5. The first attempts to exploit the flaw, which affects installations running Joomla 1.5.0 through 3.4.5, were spotted two days before the developers of the popular content management system (CMS) released patches.

Symantec has been monitoring attack attempts and detected, on average, 16,000 daily hits since the vulnerability was disclosed.

Attackers can leverage the Joomla security hole to compromise servers and use them for hosting malware and other malicious activities. They can also sell access to the targeted servers on the underground market, allowing others to abuse them for distributed denial-of-service (DDoS) attacks. Some of the compromised machines can also host valuable information.


Joomla! 3.4.7 Version Fixes Security Flaws

Joomla! has released the latest version, 3.4.7, of its free content management system software to address two reported security vulnerabilities.

The new version of Joomla!, which is used to create websites and online applications, strengthened the security of the MySQLi driver to help prevent object injection attacks.

Joomla said its Security Strike team has been following up on the critical security vulnerability patched last week.

“Since the recent update it has become clear that the root cause is a bug in PHP itself,” Joomla! reported on its website. “This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13.”

Joomla! pointed out the only Joomla sites affected by this bug are those that are hosted on vulnerable versions of PHP, and it corrected the flaw because not all hosts keep their PHP installations up to date.

Joomla! 3.4.7 is now available. This is a security release for the 3.x series of Joomla which addresses one critical security vulnerability and one low-level security vulnerability. We strongly recommend that you update your sites immediately.

This release only contains the security fixes; no other changes have been made compared to the Joomla 3.4.6 release.

WHAT'S IN 3.4.7

Version 3.4.7 is released to address two reported security vulnerabilities and includes security hardening of the MySQLi driver to help prevent object injection attacks.

The Joomla Security Strike team has been following up on the critical security vulnerability patched last week. Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all versions of PHP 7 and has been back-ported in some specific Linux LTS versions of PHP 5.3). The only Joomla sites affected by this bug are those which are hosted on vulnerable versions of PHP. We are aware that not all hosts keep their PHP installations up to date so we are making this release to deal with this issue on vulnerable PHP versions.

SECURITY ISSUES FIXED

  • High Priority - Core - Session Hardening (affecting Joomla 1.5 through 3.4.6)
  • Low Priority - Core - SQL Injection (affecting Joomla 3.0.0 through 3.4.6)

Please see the documentation wiki for FAQs regarding the 3.4.7 release. It is important to note that, due to some session changes, you will not be able to edit items until you log out and log back in again. Please note that there has been a backwards-compatibility break regarding how session management is handled. If you are using the documented Joomla API you will have no issues. The changes are fully documented in the release documentation.

Sources:

  1. https://www.joomla.org/announcements/release-news/5643-joomla-3-4-7-released.html
  2. https://www.us-cert.gov/ncas/current-activity/2015/12/22/Joomla-Releases-Security-Update-CMS

