Magento SUPEE 6788

SUPEE-6788 is a bundle of patches that resolve several security-related issues.

Note: this patch bundle may possibly break backward compatibility with customizations or extensions. Please check the technical detailspage.

You can find more details on the vulnerabilities address by this patch below:

Error Reporting in Setup Exposes Configuration - APPSEC-1102

Type:

Information Leakage (Internal)

CVSSv3 Severity:

7.5 (High)

Known Attacks:

None

Description:

Error messages generated during the Magento installation, or during a failed extension installation, can expose the Magento configuration and database access credentials. In most cases, the database server is configured to prevent external connections. In other cases, the information can be exploited, or tied to another attack.

Product(s) Affected:

Magento CE prior to 1.9.2.2, and Magento EE prior to 1.14.2.2

Fixed In:

CE 1.9.2.2, EE 1.14.2.2

Reporter:

Albert Assmann

Filter Directives Can Allow Access to Protected Data - APPSEC-1057

Type:

Information Leakage

CVSSv3 Severity:

7.5 (High)

Known Attacks:

None

Description:

Email template filter functionality can be used to call blocks exposing customer information like last orders or integration passwords. While this functionality is used internally in Magento safely, we were informed about external extensions that use it to process user input like blog comments. This allows to access protected information from store front.

Note: technical details on this issue are available here.

Product(s) Affected:

Magento CE prior to 1.9.2.2, and Magento EE prior to 1.14.2.2

Fixed In:

CE 1.9.2.2, EE 1.14.2.2

Reporter:

Peter O'Callaghan

XXE/XEE attack on Zend XML functionality using multibyte payloads - APPSEC-1045

Type:

XXE/XEE (XML Injection)

CVSSv3 Severity:

7.5 (High)

Known Attacks:

None

Description:

Magento can be forced to read XML via API calls containing ENTITY references to local files, possibly reading password or configuration files. While Zend Framework filters out ENTITY references, they can be encoded as multi-byte characters to avoid detection.

This is a Zend Framework issue described here http://framework.zend.com/changelog/1.12.14/

Product(s) Affected:

Magento CE prior to 1.9.2.2, and Magento EE prior to 1.14.2.2

Fixed In:

CE 1.9.2.2, EE 1.14.2.2

Reporter:

Dawid Golunski

Potential SQL Injection in Magento Core Model Based Classes - APPSEC-1063

Type:

SQL Injection

CVSSv3 Severity:

7.4 (High)

Known Attacks:

None

Description:

addFieldtoFilter method does not escape field name. Although core Magento functionality is not affected, this issue might impact third-party extensions such as layered navigation extensions. Such extensions might be exploited from the storefront to execute any SQL queries. 

Note: technical details on this issue are available here.

Product(s) Affected:

Magento CE prior to 1.9.2.2, and Magento EE prior to 1.14.2.2

Fixed In:

CE 1.9.2.2, EE 1.14.2.2

Reporter:

Jim O'Halloran/Aligent

Potential remote code execution using Cron - APPSEC-1037

Type:

Remote Code Execution (RCE)

CVSSv3 Severity:

7.2 (High)

Known Attacks:

None

Description:

Cron.php script is available for anyone to call and itself calls command line functions. It makes is a possible target for the Shellshock vulnerability (which should be fixed on the server). Additionally, the command passed to shell is not escaped, which in case of a directory named as a shell command can result in code execution – such attack requires however additional access to create directories with arbitrary names, like hosting panel. While scored as high, the attack is not exploitable by itself.

Product(s) Affected:

Magento CE 1.8.0.0 - 1.9.2.1, and Magento EE 1.13.0.0 - 1.14.2.1

Fixed In:

CE 1.9.2.2, EE 1.14.2.2

Reporter:

Dawid Golunski

Remote Code Execution/Information Leak Using File Custom Option - APPSEC-1079

Type:

Remote Code Execution/Information Leak

CVSSv3 Severity:

6.5 (Medium)

Known Attacks:

None

Description:

Custom option values are not cleared when the custom option type is switched. This makes it possible to inject malicious serialized code into a custom option of the “text” type, and execute it by switching the custom option type to “file.”

To exploit this remote code execution attack the store has to use custom options and a store administration account with access to catalog/products.

Additionally, manipulation of custom options from the storefront makes it possible to read system files if store uses custom options.

Note: technical details on this issue are available here.

Product(s) Affected:

Magento CE prior to 1.9.2.2, and Magento EE prior to 1.14.2.2

Fixed In:

CE 1.9.2.2, EE 1.14.2.2

Reporter:

Peter O'Callaghan

Cross site scripting with error messages - APPSEC-1039

Type:

Cross-site Scripting (CSS) - reflected

CVSSv3 Severity:

6.1 (Medium)

Known Attacks:

None

Description:

Error messages on store front pages are not escaped correctly, enabling self XSS issue.

Product(s) Affected:

Magento CE prior to 1.9.2.2, and Magento EE prior to 1.14.2.2

Fixed In:

CE 1.9.2.2, EE 1.14.2.2

Reporter:

Ultra Security

Potential remote code execution using error reports and downloadable products - APPSEC-1032

Type:

Remote Code Execution (RCE)

CVSSv3 Severity:

6.1 (Medium)

Known Attacks:

None

Description:

It is possible to put unvalidated information (including code) into error report files. This attack could be tied with potential other attacks to execute the code in the report files. This issue is not exploitable itself.

Product(s) Affected:

Magento CE prior to 1.9.2.2, and Magento EE prior to 1.14.2.2

Fixed In:

CE 1.9.2.2, EE 1.14.2.2

Reporter:

Hannes Karlsson

 

Admin Path Disclosure - APPSEC-1034

Type:

Information Leakage (Internal)

CVSSv3 Severity:

5.3 (Medium)

Known Attacks:

None

Description:

Attacker can force showing admin panel login page regardless of admin panel URL by calling a module directly. It makes it easier to try automated password attacks and exposes admin URL on the page.

 

Note: technical details on this issue are available here.

Product(s) Affected:

Magento CE prior to 1.9.2.2, and Magento EE prior to 1.14.2.2

Fixed In:

CE 1.9.2.2, EE 1.14.2.2

Reporter:

Nils Preuss

Insufficient Protection of Password Reset Process - APPSEC-1027

Type:

Account Takeover

CVSSv3 Severity:

3.8 (Low)

Known Attacks:

None

Description:

The token to reset password is passed via a GET request and not cancelled after use. This means it leaks in the referrer field to all external services called on the page (image servers, analytics, ads) and can be potentially reused to steal customer password.

Product(s) Affected:

Magento CE prior to 1.9.2.2, and Magento EE prior to 1.14.2.2

Fixed In:

CE 1.9.2.2, EE 1.14.2.2

Reporter:

Vishnu Dfx

Dev Folder Not Protected - APPSEC-1124

Type:

Information Leakage (Internal)

CVSSv3 Severity:

0.0 (None)

Known Attacks:

None

Description:

The Magento dev folder, including functional tests, lacked a proper .htaccess file to prevent browser access. As a best practice, all files and directories that are not intended for public view should be protected.

Product(s) Affected:

Magento CE 1.9.2.0-1.9.2.1, and Magento EE 1.14.2.0-1.14.2.1

Fixed In:

CE 1.9.2.2, EE 1.14.2.2

Reporter:

Internal

For Magento Community Edition only prior to version 1.9.2.1:

Cross-site Scripting/Cache Poisoning - APPSEC-1030

Type:

Cross-site Scripting (XSS) - Stored / Cache Poisoning

CVSSv3 Severity:

9.3 (Critical)

Known Attacks:

None

Description:

Unvalidated host header leaks into response and page. Because the page can be cached, this leak poses a risk for all store customers because any HTML or JavaScript code can be injected. Such an exploit works only with specific server configurations, and allows an attacker to intercept a session or modify a page with fake credit card forms, etc.

Note: While this issue is not applicable to out of the box Magento Community installations, it could possibly be exploited with 3rd party full page caching extensions. This patch was also already included in 1.9.2.1 release.

Product(s) Affected:

Magento CE prior to 1.9.2.1

Fixed In:

EE 1.14.2.1

Reporter:

Internal (ECG)


1、资源项目源码均已通过严格测试验证,保证能够正常运行; 2、项目问题、技术讨论,可以给博主私信或留言,博主看到后会第一时间与您进行沟通; 3、本项目比较适合计算机领域相关的毕业设计课题、课程作业等使用,尤其对于人工智能、计算机科学与技术等相关专业,更为适合; 4、下载使用后,可先查看REaDME.md或论文文件(如有),本项目仅用作交流学习参考,请切勿用于商业用途。 5、资源来自互联网采集,如有侵权,私聊博主删除。 6、可私信博主看论文后选择购买源代码。 1、资源项目源码均已通过严格测试验证,保证能够正常运行; 2、项目问题、技术讨论,可以给博主私信或留言,博主看到后会第一时间与您进行沟通; 3、本项目比较适合计算机领域相关的毕业设计课题、课程作业等使用,尤其对于人工智能、计算机科学与技术等相关专业,更为适合; 4、下载使用后,可先查看README.md或论文文件(如有),本项目仅用作交流学习参考,请切勿用于商业用途。 5、资源来自互联网采集,如有侵权,私聊博主删除。 6、可私信博主看论文后选择购买源代码。 1、资源项目源码均已通过严格测试验证,保证能够正常运行; 2、项目问题、技术讨论,可以给博主私信或留言,博主看到后会第一时间与您进行沟通; 3、本项目比较适合计算机领域相关的毕业设计课题、课程作业等使用,尤其对于人工智能、计算机科学与技术等相关专业,更为适合; 4、下载使用后,可先查看README.md或论文文件(如有),本项目仅用作交流学习参考,请切勿用于商业用途。 5、资源来自互联网采集,如有侵权,私聊博主删除。 6、可私信博主看论文后选择购买源代码。
1、资源项目源码均已通过严格测试验证,保证能够正常运行; 2、项目问题、技术讨论,可以给博主私信或留言,博主看到后会第一时间与您进行沟通; 3、本项目比较适合计算机领域相关的毕业设计课题、课程作业等使用,尤其对于人工智能、计算机科学与技术等相关专业,更为适合; 4、下载使用后,可先查看README.md或论文文件(如有),本项目仅用作交流学习参考,请切勿用于商业用途。 5、资源来自互联网采集,如有侵权,私聊博主删除。 6、可私信博主看论文后选择购买源代码。 1、资源项目源码均已通过严格测试验证,保证能够正常运行; 2、项目问题、技术讨论,可以给博主私信或留言,博主看到后会第一时间与您进行沟通; 3、本项目比较适合计算机领域相关的毕业设计课题、课程作业等使用,尤其对于人工智能、计算机科学与技术等相关专业,更为适合; 4、下载使用后,可先查看README.md或论文文件(如有),本项目仅用作交流学习参考,请切勿用于商业用途。 5、资源来自互联网采集,如有侵权,私聊博主删除。 6、可私信博主看论文后选择购买源代码。 、资源1项目源码均已通过严格测试验证,保证能够正常运行; 2、项目问题、技术讨论,可以给博主私信或留言,博主看到后会第一时间与您进行沟通; 3、本项目比较适合计算机领域相关的毕业设计课题、课程作业等使用,尤其对于人工智能、计算机科学与技术等相关专业,更为适合; 4、下载使用后,可先查看README.md或论文文件(如有),本项目仅用作交流学习参考,请切勿用于商业用途。 5、资源来自互联网采集,如有侵权,私聊博主删除。 6、可私信博主看论文后选择购买源代码。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值