Joomla! Access Control Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks : 7/7/2015 8:27:55 AM

Perfect Push Messages This eBook shows you how to build great push messages that convert for your app. From our sponsors

 

 

Vulnerability Databse

This module replaces the description field of a feed to the page it links to (in addition, it wipes out the content:encoded field), so you can get its full text.

Joomla! Access Control Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks
7/7/2015 12:00:00 AM

Joomla! Access Control Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks

SecurityTracker Alert ID:  1032796

SecurityTracker URL:  http://securitytracker.com/id/1032796

CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)

Date:  Jul 7 2015

Impact:   Modification of user information

Fix Available:  Yes  Vendor Confirmed:  Yes

Version(s): 3.2.0 through 3.4.1

Description:   A vulnerability was reported in Joomla!. A remote user can conduct cross-site request forgery attacks. A remote user can create a specially crafted HTML page or URL that, when loaded by the target authenticated user, will take actions on the target interface acting as the target user. The vendor was notified on April 6, 2015. Eric Flokstra reported this vulnerability.

Impact:   A remote user can take actions on the target system acting as the target authenticated user.

Solution:   The vendor has issued a fix (3.4.2). The vendor's advisory is available at: http://developer.joomla.org/security-centre.html

Vendor URL:  developer.joomla.org/security-centre.html (Links to External Site)

Cause:   Access control error, Input validation error

Underlying OS:   Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 

You are receiving this email because you subscribed to this feed at feedmyinbox.com

If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions