Web Hosting Forum | Lunarpages


Author Topic: Joomla Vulnerable Scripts Alerts  (Read 935 times)
dmcneillsf
« on: January 03, 2009, 03:46:44 PM »

I've been receiving e-mails regarding vulnerable scripts in versions 1.5.7 and 1.5.8 of Joomla.  The potential problem relates to SSL certifications and cookies.  My sites don't use SSL certificates or cookies.

How can I resolve my installation so that the LP security scans aren't flagged by my Joomla installations? 

Thanks for your help,
Deb
Mitch
Senior Moderator
Business Development Specialist at Lunarpages


« Reply #1 on: January 05, 2009, 05:24:39 AM »

First thing I would do is make sure you are using the latest version of Joomla:

http://www.joomla.org/download.html

Next, you might search the Joomla forums to see if you can find out where the problem is and how to patch it up if it hasn't been done yet by the Joomla team:

http://forum.joomla.org/

Hope that helps!

New Lunarpages Contest! - Win a Free Web Site Design! Enter Today!


Mitch the Moderator - follow me @lunarpages on Twitter!
Important Threads: Read This Before Posting! | Lunarforums Rules! | Mitch's Link of the Day!
Also, be sure to check out and subscribe to the Lunartics Blog and the Lunarpages Newsletter !

Need Web Hosting Help? Check out the Lunarpages Web Hosting Wiki. It has tons of tips, tutorials and resources!
dmcneillsf
« Reply #2 on: January 05, 2009, 07:59:54 AM »

I have downloaded the latest version of Joomla (1.5.8) and searched the Joomla forum.  I have also researched the Joomla Security Center http://developer.joomla.org/security.html and they don't have this vulnerability posted.  Your information is coming from a third party with no solution.

Is this really important if I'm not dealing with SSL certificates and dropping cookies in my application?

Thanks for checking on this for me,
Deb
Mitch
« Reply #3 on: January 05, 2009, 08:41:59 AM »

Yes, this is where the problem was first announced:

http://www.securityfocus.com/archive/1/499295/30/0/threaded

Our e-mail was sent out as an advisement, so that you would know the issue is out there.  Thus far, it looks like the Joomla team has yet to acknowledge the hole, but hopefully they will soon or in a future release. 
Mitch
« Reply #4 on: January 05, 2009, 08:58:14 AM »

Might also check out this reply to a forum thread here:

http://forum.joomla.org/viewtopic.php?p=1522434#p1522434

Does a good job at telling you what the problem is (in words we can all understand).
dmcneillsf
« Reply #5 on: January 05, 2009, 10:56:58 AM »

Mitch,
Thanks so much for finding the plain language explanation of the problem.  I'll keep track of the next version of Joomla, upgrade all my sites right away and ignore the vulnerability notices in the meantime.

Thanks for your help on this
Deb
Mitch
« Reply #6 on: January 05, 2009, 11:04:02 AM »

Not a problem, happy to help!
Dragonrider
« Reply #7 on: January 10, 2009, 06:22:42 AM »

New Version of Joomla 1.5.9 now available from http://joomlacode.org/gf/download/frsrelease/9294/34966/Joomla_1.5.9-Stable-Full_Package.zip
dmcneillsf
« Reply #8 on: January 10, 2009, 07:13:16 PM »

Glad to get the news about the new version.  I guess my plans for tomorrow evening have changed a bit (upgrade 3 sites!). 

Thanks again for your help,
Deb