-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT Security Bulletin ASB-2019.0057
                 Joomla multiple vulnerabilities
                       14 February 2019
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Joomla
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Modify Arbitrary Files          -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Cross-site Scripting            -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-7744 CVE-2019-7743 CVE-2019-7742 CVE-2019-7741
                   CVE-2019-7740 CVE-2019-7739
Member content until: Saturday, March 16 2019

OVERVIEW

        Multiple vulnerabilities have been identified in Joomla versions
        prior to 3.9.3.

IMPACT

        The vendor has provided the following information:

        "[20190206] - Core - Implement the TYPO3 PHAR stream wrapper

        CVE Number: CVE-2019-7743

        Description

        The phar:// stream wrapper can be used for object injection attacks.
        We now disallow usage of the phar:// handler for non .phar-files
        within the CMS globally by implementing the TYPO3 PHAR stream
        wrapper." [1]

        --------------------------------------------------------------------------------

        "[20190205] - Core - XSS Issue in core.js writeDynaList

        CVE Number: CVE-2019-7740

        Description

        Inadequate parameter handling in JS code could lead to an XSS attack
        vector." [2]

        --------------------------------------------------------------------------------

        "[20190204] - Core - Stored XSS issue in the Global Configuration
        help url #2

        CVE Number: CVE-2019-7741

        Description

        Inadequate checks at the Global Configuration helpurl settings
        allowed a stored XSS." [3]

        --------------------------------------------------------------------------------

        "[20190203] - Core - Additional warning in the Global Configuration

        CVE Number: CVE-2019-7739

        Description

        "No Filtering" textfilter overrides child settings in the Global
        Configuration. This is intended behavior but might be unexpected for
        the user. An additional message is now shown in the configuration
        dialog." [4]

        --------------------------------------------------------------------------------

        "[20190202] - Core - Browserside mime-type sniffing causes XSS
        attack vectors

        CVE Number: CVE-2019-7742

        Description

        A combination of specific webserver configurations, in connection
        with specific file types and browserside mime-type sniffing causes
        an XSS attack vector." [5]

        --------------------------------------------------------------------------------

        "[20190201] - Core - Lack of URL filtering in various core components

        CVE Number: CVE-2019-7744

        Description

        Inadequate filtering on URL fields in various core components could
        lead to an XSS vulnerability." [6]

MITIGATION

        "The vendor recommends upgrading Joomla! to version 3.9.3" [1-6]

REFERENCES

        [1] [20190206] - Core - Implement the TYPO3 PHAR stream wrapper
            https://developer.joomla.org/security-centre/770-20190206-core-implement-the-typo3-phar-stream-wrapper.html

        [2] [20190205] - Core - XSS Issue in core.js writeDynaList
            https://developer.joomla.org/security-centre/769-20190205-core-xss-issue-in-core-js-writedynalist.html

        [3] [20190204] - Core - Stored XSS issue in the Global Configuration
            help url #2
            https://developer.joomla.org/security-centre/768-20190204-core-stored-xss-issue-in-the-global-configuration-help-url-2

        [4] [20190203] - Core - Additional warning in the Global Configuration
            https://developer.joomla.org/security-centre/767-20190203-core-additional-warning-in-the-global-configuration-textfilter-settings

        [5] [20190202] - Core - Browserside mime-type sniffing causes XSS
            attack vectors
            https://developer.joomla.org/security-centre/766-20190202-core-browserside-mime-type-sniffing-causes-xss-attack-vectors.html

        [6] [20190201] - Core - Lack of URL filtering in various core components
            https://developer.joomla.org/security-centre/765-20190201-core-lack-of-url-filtering-in-various-core-components

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may arise
from following or acting on information or advice contained in this
security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXGUKCGaOgq3Tt24GAQj0MQ//WoSHwxnFIP31ou0UxuWZ/R7VtQBt/Gzk
KaVbJau8kAzh+5JmLq5RtJCAarkHCWy0rL46Di46KPFtFEJvtF5xKDaW8fK2fCg+
SnF9IUTkJSKckXi2PegBP1TUjE4hhIln0i5V7jD39yYKh0lCDB3ERoFr5rCbOD52
uDKTF11Zs3i+ib5+4nu1ebwStsInYLQPHsWeAp96xSsQAYInejwIcbpM3iYCJI+A
io5/72Tg1+bVy8TaXynmHIOahzU3N5ENXARA3+Q97XGA/P5oRHIbIKFJNusLiHqX
8pOq0Jml1nQZazuDDCh5rnaXCUrvx2ucmaxmTVw3ssJrtpHSepAn4V+5LiiOwf9d
xmAGJtzXJMSDpHfmm9tAGTC2msskRd5IgWIMzm43fSL2M9nPZorEzuNhQBY7HgqX
p+aTzEO2gDiEITigWb6W70slj343jf7m2+KDDeD8NbYrSgGny/fWKggyCGr/6QYi
vQ9o7f7ok32AF8D2RNZjlFNmXVoHHixlwVJmxC8lNOiXdY7c8/hHxPp8nKC7jrlo
+pYbPjzSoF6IWmtSGe82vCaylLzC69E3QZD1PqjPrarhKcYRLoNx1DIOjMMDVFi9
ZIzlFMoO7AqEyzDVuImQP7Qiq9huVQJ0LqMUxaqjpKh2h79PL5PU/4JymzpMUA4R
r5HqxnVtFhU=
=PVrL
-----END PGP SIGNATURE-----
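Two of the bulletin's items describe input-filtering policies rather than a
one-off bug: item [1] (allow the phar:// wrapper only for .phar archives, since
opening a phar:// path makes PHP unserialize the archive's metadata) and item
[6] (filter URL fields so that script-bearing schemes cannot reach an href).
The PHP below is an added illustration of those two policies and is not
Joomla's or TYPO3's own code; the function names, the exception class and the
sample inputs are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added illustration, not Joomla's or TYPO3's code. Function names, the
// exception class and the sample inputs below are assumptions for this example.

final class UnsafeInputException extends RuntimeException
{
}

/**
 * Permit phar:// only when the archive part of the path is a ".phar" file.
 *
 * Most PHP filesystem functions (file_exists(), is_file(), copy(), fopen(), ...)
 * honour stream wrappers, and opening a phar:// path makes PHP unserialize the
 * archive's metadata. A user-controlled path that reaches such a call is
 * therefore an object-injection sink; this check refuses every phar:// path
 * whose archive does not carry the .phar extension.
 */
function assertSafeLocalPath(string $path): string
{
    // PHP matches wrapper names case-insensitively, so compare the same way.
    if (strncasecmp($path, 'phar://', 7) !== 0) {
        return $path; // not a phar:// path: nothing for this check to do
    }

    // Layout is phar://<archive>[/<path inside archive>]; the archive is the
    // first path segment that ends in .phar.
    foreach (explode('/', substr($path, 7)) as $segment) {
        if (strcasecmp(pathinfo($segment, PATHINFO_EXTENSION), 'phar') === 0) {
            return $path;
        }
    }

    throw new UnsafeInputException("phar:// is only permitted for .phar archives: {$path}");
}

/**
 * Validate a value destined for an href-style setting (e.g. a help URL).
 *
 * Only http, https and mailto are accepted as schemes; relative and
 * protocol-relative URLs carry no scheme and pass through. Browsers drop ASCII
 * control characters (tab, newline, ...) while parsing the scheme, so the
 * value is checked and stored with those characters removed.
 */
function filterUrlField(string $url): string
{
    $clean = trim(preg_replace('/[\x00-\x1f\x7f]+/', '', $url));

    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $clean, $m) === 1) {
        $scheme = strtolower($m[1]);
        if (!in_array($scheme, ['http', 'https', 'mailto'], true)) {
            throw new UnsafeInputException("URL scheme not permitted: {$scheme}");
        }
    }

    return $clean;
}

// Constructed sample inputs; the rejected ones model the two issue classes.
$samples = [
    'path' => [
        '/images/banner.png',
        'phar:///var/www/lib/tool.phar/config.php',
        'phar:///var/www/tmp/upload.jpg',
    ],
    'url' => [
        'https://docs.example.com/help',
        '/administrator/help/en-GB/',
        "java\tscript:alert(1)",
    ],
];

foreach ($samples['path'] as $p) {
    try {
        echo 'path ok    : ', assertSafeLocalPath($p), PHP_EOL;
    } catch (UnsafeInputException $e) {
        echo 'path REJECT: ', $e->getMessage(), PHP_EOL;
    }
}
foreach ($samples['url'] as $u) {
    try {
        echo 'url ok     : ', filterUrlField($u), PHP_EOL;
    } catch (UnsafeInputException $e) {
        echo 'url REJECT : ', $e->getMessage(), PHP_EOL;
    }
}
```

Run with `php example.php`; the .jpg path under phar:// and the tab-split
javascript: URL are the two rejections. A scheme allowlist validates the
stored value only: the value must still be HTML-escaped wherever it is
rendered, and neither function replaces the upgrade to 3.9.3 the bulletin
recommends, which applies the wrapper restriction to every filesystem call
in the CMS rather than to the call sites an application author remembers to
guard.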