Joomla critical patch ...upgrade to 3.4.6

Posted: Mon Dec 14, 2015 5:02 pm
by BruceLee
Hi everybody,

For your info, and a question to atomicorp whether ASL covers this.
Thanks a lot.
[20151201] - Core - Remote Code Execution Vulnerability

Project: Joomla!
SubProject: CMS
Severity: High
Versions: 1.5.0 through 3.4.5
Exploit type: Remote Code Execution
Reported Date: 2015-December-13
Fixed Date: 2015-December-14
CVE Numbers: requested

Description:
Browser information is not filtered properly while saving the session values into the database which leads to a Remote Code Execution vulnerability.

Affected Installs:
Joomla! CMS versions 1.5.0 through 3.4.5

Solution:
Upgrade to version 3.4.6
SOURCE:
https://developer.joomla.org/security-c ... ility.html

Patch in branch 3.X:
https://github.com/joomla/joomla-cms/releases/tag/3.4.6
Patches for EOL versions:
https://docs.joomla.org/Security_hotfix ... L_versions
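The advisory's point is that browser-supplied data was persisted into session storage without proper filtering. As an added illustration (my own example, not Joomla's 3.4.6 patch and not the content of any ASL rule), the PHP below shows one defensive pattern for that class of problem: reduce the header to a strict allow-list, store a fixed-length digest instead of the raw string, and fail closed when the digest no longer matches on later requests. The helper names, the length cap and the allow-list are assumptions chosen for the example.

```php
<?php
// Added illustration (not Joomla's patch, not ASL rule content): treat request
// headers as untrusted input before persisting them alongside session state.
// Helper names, MAX_UA_LENGTH and the character allow-list are assumptions.

declare(strict_types=1);

const MAX_UA_LENGTH = 255; // assumed cap; real browsers send far shorter strings

/**
 * Reduce a raw User-Agent header to a conservative allow-list: printable
 * ASCII only, no control characters, bounded length. Anything outside the
 * allow-list is dropped rather than escaped, so the stored value cannot carry
 * quotes, braces, NULs or line breaks into whatever serialises it later.
 */
function sanitizeUserAgent(?string $raw): string
{
    if ($raw === null) {
        return '';
    }
    // Keep only bytes 0x20-0x7E; this removes NUL, CR/LF and non-ASCII bytes.
    $clean = preg_replace('/[^\x20-\x7E]/', '', $raw) ?? '';
    return substr($clean, 0, MAX_UA_LENGTH);
}

/**
 * Store only a fingerprint of the browser string in the session rather than
 * the string itself: a fixed-length hex digest cannot contain attacker-chosen
 * bytes, yet still lets the application notice a session being reused from a
 * different client.
 */
function browserFingerprint(?string $raw): string
{
    return hash('sha256', sanitizeUserAgent($raw));
}

/**
 * Validate a session on each request: compare the stored fingerprint with the
 * one derived from the current request and fail closed on mismatch or absence.
 * hash_equals() keeps the comparison constant-time.
 */
function sessionMatchesClient(array $session, ?string $currentUa): bool
{
    if (!isset($session['client.fingerprint'])) {
        return false;
    }
    return hash_equals($session['client.fingerprint'], browserFingerprint($currentUa));
}

// --- constructed sample inputs (not taken from any real request) ---
$normalUa  = 'Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/42.0';
$hostileUa = "Mozilla/5.0 \x00\x0d\x0aInjected: header \xff" . str_repeat('A', 600);

// Session established by the first client.
$session = ['client.fingerprint' => browserFingerprint($normalUa)];

// What actually reaches storage: control bytes removed and length bounded.
var_dump(sanitizeUserAgent($hostileUa));

// Same client on a later request validates; a different or malformed
// browser string does not, so the session is rejected rather than trusted.
var_dump(sessionMatchesClient($session, $normalUa));
var_dump(sessionMatchesClient($session, $hostileUa));
```

The design choice worth noting is that sanitising alone only narrows the problem; storing a digest removes the possibility of attacker-controlled bytes reaching the session store at all, while still serving the original purpose of tying a session to a client.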

Re: Joomla critical patch ...upgrade to 3.4.6

Posted: Tue Dec 15, 2015 9:29 am
by mikeshinn
Yes, ASL and the modsecurity rules already protect against this attack, both generically (there are rules for malicious payloads in the UA and other fields) and with specific JITP rules for this vulnerability in Joomla.

Re: Joomla critical patch ...upgrade to 3.4.6

Posted: Tue Dec 15, 2015 9:50 am
by BruceLee
JEEHAAAA. :) Thanks like always.

Re: Joomla critical patch ...upgrade to 3.4.6

Posted: Thu Dec 17, 2015 3:20 am
by awsumco
Hi mikeshinn,

Out of curiosity, which mod_sec rule config covers the said Joomla vulnerability? I just want to double-check I am in fact covered, as I only used the ASL mod_sec rules subscription.

Re: Joomla critical patch ...upgrade to 3.4.6

Posted: Fri Dec 18, 2015 6:01 pm
by mikeshinn
337106 and 347195