===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0057
                      Joomla multiple vulnerabilities
                             14 February 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Joomla
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Modify Arbitrary Files          -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
                      Cross-site Scripting            -- Remote with User Interaction
                      Access Confidential Data        -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-7744 CVE-2019-7743 CVE-2019-7742
                      CVE-2019-7741 CVE-2019-7740 CVE-2019-7739
Member content until: Saturday, March 16 2019

OVERVIEW

        Multiple vulnerabilities have been identified in Joomla versions prior to 3.9.3.


IMPACT

        The vendor has provided the following information:
        
        "[20190206] - Core - Implement the TYPO3 PHAR stream wrapper
        
        CVE Number: CVE-2019-7743
        
        Description
        
        The phar:// stream wrapper can be used for object injection attacks. We
        now disallow usage of the phar:// handler for non .phar-files within the
        CMS globally by implementing the TYPO3 PHAR stream wrapper." [1]
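        The policy quoted above (phar:// only for an existing archive that ends in .phar) expressed as a pre-check. This is an added illustration, not Joomla's or TYPO3's code; the class and method names are hypothetical, the sample files are constructed in the temp directory, and '/' path separators are assumed.

```php
<?php
// Added illustration, not Joomla's or TYPO3's code. Enforces the policy the
// advisory describes: phar:// may only target an existing archive whose name
// ends in .phar. Class and method names are hypothetical. Assumes '/' separators.

final class PharPathPolicy
{
    /**
     * Resolve the archive part of a phar URL, e.g.
     *   phar:///srv/app/lib.phar/src/Foo.php  ->  /srv/app/lib.phar
     * The archive is the shortest path prefix that is an existing regular file;
     * everything after it is a path inside the archive.
     */
    public static function baseFile(string $path): ?string
    {
        if (stripos($path, 'phar://') !== 0) {
            return null;                       // not a phar URL
        }
        $parts = explode('/', substr($path, 7));
        $candidate = '';
        foreach ($parts as $i => $part) {
            $candidate .= ($i === 0 ? '' : '/') . $part;
            if ($candidate !== '' && is_file($candidate)) {
                return $candidate;
            }
        }
        return null;                           // no archive on disk
    }

    /** True only for an existing archive with a .phar extension. */
    public static function isAllowed(string $path): bool
    {
        $base = self::baseFile($path);
        return $base !== null
            && strtolower(pathinfo($base, PATHINFO_EXTENSION)) === 'phar';
    }
}

// Demonstration with constructed files in the temp directory: an existing
// ".jpg" upload is refused as a phar target, a ".phar" file is accepted, and a
// path whose archive is not on disk is refused as well.
$dir = sys_get_temp_dir();
file_put_contents("$dir/upload.jpg", 'constructed sample');
file_put_contents("$dir/lib.phar", 'constructed sample');
var_dump(PharPathPolicy::isAllowed("phar://$dir/upload.jpg/payload"));
var_dump(PharPathPolicy::isAllowed("phar://$dir/lib.phar/src/Foo.php"));
var_dump(PharPathPolicy::isAllowed("phar://$dir/missing.phar/x"));
unlink("$dir/upload.jpg");
unlink("$dir/lib.phar");
```

        The check inspects only the archive's name and existence, not its content, which is exactly the distinction the advisory draws (a .jpg that is internally a phar is still refused).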
        
        --------------------------------------------------------------------------------
        
        "[20190205] - Core - XSS Issue in core.js writeDynaList
        
        CVE Number: CVE-2019-7740
        
        Description
        
        Inadequate parameter handling in JS code could lead to an XSS attack vector." [2]
        
        --------------------------------------------------------------------------------
        
        "[20190204] - Core - Stored XSS issue in the Global Configuration help url #2
        
        CVE Number: CVE-2019-7741
        
        Description
        
        Inadequate checks at the Global Configuration helpurl settings allowed a
        stored XSS." [3]
        
        --------------------------------------------------------------------------------
        
        "[20190203] - Core - Additional warning in the Global Configuration

        CVE Number: CVE-2019-7739

        Description

        "No Filtering" textfilter overrides child settings in the Global
        Configuration. This is intended behavior but might be unexpected for the
        user. An additional message is now shown in the configuration dialog." [4]
        
        --------------------------------------------------------------------------------
        
        "[20190202] - Core - Browserside mime-type sniffing causes XSS attack vectors
        
        CVE Number: CVE-2019-7742
        
        Description
        
        A combination of specific webserver configurations, in connection with
        specific file types and browserside mime-type sniffing causes an XSS attack
        vector." [5]
        
        --------------------------------------------------------------------------------
        
        "[20190201] - Core - Lack of URL filtering in various core components
        
        CVE Number: CVE-2019-7744
        
        Description
        
        Inadequate filtering on URL fields in various core components could lead to
        an XSS vulnerability." [6]
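        For items [3] and [6], the class of defect is a URL-typed setting accepted without checking its scheme. The following is an added illustration of a scheme allowlist applied before such a value is stored; it is not Joomla's code, the function name is hypothetical, and the sample values are constructed.

```php
<?php
// Added illustration, not Joomla's code: a scheme allowlist for URL-typed
// settings such as the Global Configuration help URL, applied before the value
// is stored. Function name is hypothetical; sample inputs are constructed.

function isSafeLinkUrl(string $value): bool
{
    // Browsers drop ASCII control characters and whitespace when parsing a
    // scheme ("java\tscript:" still executes), so strip them before inspecting.
    $normalised = preg_replace('/[\x00-\x20\x7f]+/', '', $value);
    if ($normalised === '') {
        return true;                               // empty: no link configured
    }
    // A value without a scheme (relative or scheme-relative URL) cannot run
    // script when placed in an href; only a scheme needs to be checked.
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $normalised, $m)) {
        return true;
    }
    return in_array(strtolower($m[1]), ['http', 'https', 'mailto'], true);
}

// Constructed samples: two legitimate links, three values that would execute
// or inject content when rendered, and an empty setting.
$samples = [
    'https://help.example.org/proxy?keyref=Site_Global_Configuration',
    '/administrator/help/index.html',
    'javascript:alert(1)',
    "  JAVA\tscript:alert(1)",
    'data:text/html;base64,PHNjcmlwdD4=',
    '',
];
foreach ($samples as $s) {
    printf("%-4s %s\n", isSafeLinkUrl($s) ? 'keep' : 'drop', json_encode($s));
}
```

        Any value with a colon before its first slash is treated as carrying a scheme, so a relative path containing a colon must be written with a leading slash to pass.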


MITIGATION

        "The vendor recommends upgrading Joomla! to version 3.9.3" [1-6]


REFERENCES

        [1] [20190206] - Core - Implement the TYPO3 PHAR stream wrapper
            https://developer.joomla.org/security-centre/770-20190206-core-implement-the-typo3-phar-stream-wrapper.html

        [2] [20190205] - Core - XSS Issue in core.js writeDynaList
            https://developer.joomla.org/security-centre/769-20190205-core-xss-issue-in-core-js-writedynalist.html

        [3] [20190204] - Core - Stored XSS issue in the Global Configuration
            help url #2
            https://developer.joomla.org/security-centre/768-20190204-core-stored-xss-issue-in-the-global-configuration-help-url-2

        [4] [20190203] - Core - Additional warning in the Global Configuration
            https://developer.joomla.org/security-centre/767-20190203-core-additional-warning-in-the-global-configuration-textfilter-settings

        [5] [20190202] - Core - Browserside mime-type sniffing causes XSS
            attack vectors
            https://developer.joomla.org/security-centre/766-20190202-core-browserside-mime-type-sniffing-causes-xss-attack-vectors.html

        [6] [20190201] - Core - Lack of URL filtering in various core
            components
            https://developer.joomla.org/security-centre/765-20190201-core-lack-of-url-filtering-in-various-core-components

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================