วันพุธที่ ๑๙ ตุลาคม ๒๕๕๔ เวลา ๑๐:๑๘ น.
DOCMan LaiThai
ผู้ชม: 264
SECUNIA ADVISORY ID:
SA46421
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46421/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46421
RELEASE DATE:
2011-10-18
DESCRIPTION:
Two vulnerabilities have been reported in Joomla!, which can be
exploited by malicious people to disclose potentially sensitive
information.
1) An error due to weak encryption can be exploited to disclose
potentially sensitive information.
This vulnerability is reported in versions prior to 1.5.24 and prior
to 1.7.2.
2) Insufficient error checking can be exploited to disclose
potentially sensitive information.
This vulnerability is reported in versions prior to 1.7.2.
SOLUTION:
Update to version 1.5.24 or 1.7.2.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Jeff Channell
2) Aung Khant, YGN Ethical Hacker Group
ORIGINAL ADVISORY:
Joomla!:
http://developer.joomla.org/security/news/370-20111001-core-information-disclosure
http://developer.joomla.org/security/news/371-20111002-core-information-disclosure
http://developer.joomla.org/security/news/372-20111003-core-information-disclosure
