oss-sec mailing list archives
Re: CVE request: Joomla unspecified information disclosure vulnerability
From: YGN Ethical Hacker Group <lists () yehg net>
Date: Mon, 27 Jun 2011 15:53:27 +0800

Path Disclosure should better be regarded as more closely related to a server-side issue.
It may be too redundant or unnecessary to create one path disclosure issue per CVE.

Another Path Disclosure issue in Joomla! 1.6.1
http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html

Almost all PHP CMS applications have this issue going on where some of them are listed at:
http://code.google.com/p/inspathx/source/browse/#svn%2Ftrunk%2Fpaths_vuln

---------------------------------
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd

On Fri, Jun 24, 2011 at 3:46 AM, Josh Bressers <bressers () redhat com> wrote:
> ----- Original Message -----
>> Couldn't find a CVE-identifier for this issue. Joomla does have too many
>> vulnerabilities.
>>
>> Joomla prior to 1.5.23 contains a flaw that may lead to an unauthorized
>> information disclosure.
>>
>> Should this one get a 2010 or 2011 identifier?
>>
>> Reported: 2010-12-08
>> Joomla advisory: 2011-04-01
>> Release with a fix (version 1.5.23): 2011-04-04
>>
>> References:
>> http://developer.joomla.org/security/news/9-security/10-core-security/340-20110401-core-information-disclosure.html
>> http://www.joomla.org/announcements/release-news/5367-joomla-1523-released.html
>> http://osvdb.org/show/osvdb/71587
>> http://secunia.com/advisories/44028/
>>
>> I hope this request isn't a duplicate. I included oCERT to this email as
>> Joomla is part of that group. Please notify me and the mailing list if this
>> issue already has a CVE-identifier.
>
> I'm giving this CVE-2011-2488. While the flaw was reported in 2010 they
> claim, I consider 2011 when it went public.
>
> Thanks.
>
> --
> JB

Current thread:
- CVE request: Joomla unspecified information disclosure vulnerability Henri Salo (Jun 20)
- Re: CVE request: Joomla unspecified information disclosure vulnerability Josh Bressers (Jun 23)
- Re: CVE request: Joomla unspecified information disclosure vulnerability YGN Ethical Hacker Group (Jun 27)
- Re: CVE request: Joomla unspecified information disclosure vulnerability Henri Salo (Jun 27)
- Re: CVE request: Joomla unspecified information disclosure vulnerability YGN Ethical Hacker Group (Jun 30)