Multiple Vulnerabilities in Joomla! Could Allow for Information Disclosure

ITS Advisory Number: 2017-093
Date(s) Issued: Tuesday, September 26, 2017
Subject: Multiple Vulnerabilities in Joomla! Could Allow for Information Disclosure
Overview: 

Multiple vulnerabilities have been discovered in Joomla!, which could allow for information disclosure. Joomla! is an open source content management system for websites. Successful exploitation of these vulnerabilities could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.    

THREAT INTELLIGENCE:

Proof-of-concept code is available that reproduces one of these vulnerabilities (CVE-2017-14596).

Systems Affected: 
  • Joomla! versions prior to 3.8
Risk:
Government:
  • Large and medium government entities: High
  • Small government entities: Medium
Business:
  • Large and medium business entities: High
  • Small business entities: Medium
Home Users: N/A
Description: 

Multiple vulnerabilities have been discovered in Joomla!, which could allow for information disclosure. Details of these vulnerabilities are as follows:

  • A logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state. (CVE-2017-14595)
  • Inadequate escaping in the LDAP authentication plugin can result in disclosure of the username and password. (CVE-2017-14596)

Successful exploitation of these vulnerabilities could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
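
The second item above concerns escaping of values passed to LDAP. As an added illustration (not Joomla! code and not the vendor patch), the following Python example shows RFC 4515 search-filter escaping next to an unescaped 'before' form. It assumes the login name ends up in a search filter; the `uid` attribute, the function names and the sample inputs are constructed for this example.

```python
import re

# RFC 4515 section 3: characters that must be escaped in an assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Matches a filter metacharacter, or a backslash not followed by two hex digits.
_UNESCAPED = re.compile(r"[*()\x00]|\\(?![0-9a-fA-F]{2})")


def escape_filter_value(value: str) -> str:
    """Return value with every RFC 4515 special character hex-escaped."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def value_is_literal(assertion_value: str) -> bool:
    """True if the assertion value contains no unescaped filter metacharacter."""
    return _UNESCAPED.search(assertion_value) is None


def build_user_filter_unsafe(username: str) -> str:
    """'Before' form: the login name is concatenated into the filter as-is."""
    return "(uid=" + username + ")"


def build_user_filter(username: str, attr: str = "uid") -> str:
    """Hardened form: bounded length, escaped value, fixed filter shape."""
    if not username or len(username) > 256:
        raise ValueError("username empty or too long")
    return "({}={})".format(attr, escape_filter_value(username))


if __name__ == "__main__":
    # Constructed sample login names, not taken from any real system.
    for name in ["jdoe", "j*", "doe)(x", "a\\b"]:
        unsafe = build_user_filter_unsafe(name)
        safe = build_user_filter(name)
        # Slice [5:-1] strips the "(uid=" prefix and ")" suffix to get the value.
        print("{!r:10} unsafe_literal={} safe_literal={} -> {}".format(
            name, value_is_literal(unsafe[5:-1]), value_is_literal(safe[5:-1]), safe))
```

`value_is_literal` can be used in unit tests or log review to flag filter values that reached the directory without escaping.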

Actions: 
  • After appropriate testing, immediately apply applicable patches provided by Joomla! to the vulnerable systems.
  • Verify no unauthorized system modifications have occurred on the system before applying the patch.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.