===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2017.0191
                          Security Announcements
                              9 November 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Joomla!
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Access Confidential Data -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-16633  
Member content until: Saturday, December  9 2017

OVERVIEW

        A vulnerability has been identified in Joomla! versions 3.7.0 
        through 3.8.1. [1]


IMPACT

        The vendor has provided the following information:
        
        "[20171103] - Core - Information Disclosure
        
        Project: Joomla!
        SubProject: CMS
        Severity: Low
        Versions: 3.7.0 through 3.8.1
        Exploit type: Information Disclosure
        Reported Date: 2017-May-17
        Fixed Date: 2017-November-07
        CVE Number: CVE-2017-16633
        
        Description
        A logic bug in com_fields exposed read-only information about a 
        site's custom fields to unauthorized users." [1]


MITIGATION

        The vendor recommends updating to the latest version of Joomla! to 
        correct this issue. [1]


REFERENCES

        [1] Security Announcements
            https://developer.joomla.org/security-centre/715-20171103-core-information-disclosure.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================