oss-sec mailing list archives
Re: CVE requests: joomla <1.5.4
From: "Steven M. Christey" <coley () linus mitre org>
Date: Fri, 18 Jul 2008 11:48:11 -0400 (EDT)
======================================================
Name: CVE-2008-3225
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3225
Reference: MLIST:[oss-security] 20080712 CVE requests: joomla <1.5.4
Reference: URL:http://www.openwall.com/lists/oss-security/2008/07/12/2
Reference: CONFIRM:http://www.joomla.org/content/view/5180/1/

Joomla! before 1.5.4 allows attackers to access administration
functionality, which has unknown impact and attack vectors related to
a missing "LDAP security fix."

======================================================
Name: CVE-2008-3226
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3226
Reference: MLIST:[oss-security] 20080712 CVE requests: joomla <1.5.4
Reference: URL:http://www.openwall.com/lists/oss-security/2008/07/12/2
Reference: CONFIRM:http://www.joomla.org/content/view/5180/1/

The file caching implementation in Joomla! before 1.5.4 allows
attackers to access cached pages via unknown attack vectors.

======================================================
Name: CVE-2008-3227
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3227
Reference: MLIST:[oss-security] 20080712 CVE requests: joomla <1.5.4
Reference: URL:http://www.openwall.com/lists/oss-security/2008/07/12/2
Reference: CONFIRM:http://www.joomla.org/content/view/5180/1/

Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact
and attack vectors related to a "User Redirect Spam fix," possibly an
open redirect vulnerability.

======================================================
Name: CVE-2008-3228
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3228
Reference: MLIST:[oss-security] 20080712 CVE requests: joomla <1.5.4
Reference: URL:http://www.openwall.com/lists/oss-security/2008/07/12/2
Reference: CONFIRM:http://www.joomla.org/content/view/5180/1/
Reference: CONFIRM:http://www.joomla.org/content/view/5180/1/1/1/#htaccess

Joomla! before 1.5.4 does not configure .htaccess to apply certain
security checks that "block common exploits" to SEF URLs, which has
unknown impact and remote attack vectors.