Security Vulnerabilities

Joomla! 1.0.8 contains thirty-seven (37) fixes for security vulnerabilities: 14 Medium Level threats and 23 Low Level threats.

Medium Level Threat Fixes

  • A3 - Hardening of Remember Me login functionality
  • A7 - Protect against real server path disclosure via syndication component
  • A1 - Limit arbitrary file creation via syndication component
  • A7 - Protect against real server path disclosure in mod_templatechooser
  • A9 - Inputfilter vulnerable to DoS attacks
  • A2 - Disallow `Weblink` item from being accessible when 'unpublished'
  • A2 - Disallow `Polls` item from being accessible when 'unpublished'
  • A2 - Disallow `Newsfeeds` item from being accessible when category 'unpublished'
  • A2 - Disallow `Weblinks` item from being accessible when category 'unpublished'
  • A2 - Disallow `Content` item from being accessible despite section/category 'access level'
  • A2 - Disallow `Newsfeed` item from being accessible despite category 'access level'
  • A2 - Disallow `Weblink` item from being accessible despite category 'access level'
  • A2 - Disallow `Content` item from being visible despite category 'access level'
    - `Blog - Content Section` & `Blog - Content Section Archive`
  • A2 - Disallow `Content` items from being viewable when category/section 'unpublished'
    - mod_newsflash

Low Level Threat Fixes

  • A3 - Harden frontend Session ID
  • A6 - Harden against multiple Admin SQL Injection Vulnerabilities
  • A1 - Disable ability to enter more than one email address in Contact Component contact form
  • A1 - Harden Contact Component with param option to check for existence of session cookie
    - enabled by default
  • A3 - Additional check for correct Admin session name
  • A2 - Disallow access to syndication functionality
  • A2 - Disallow `Newsfeeds` Categories from being accessible when 'unpublished'
  • A2 - Disallow `Contact` Categories from being accessible when 'unpublished'
  • A2 - Disallow `Weblink` Categories from being accessible when 'unpublished'
  • A2 - Disallow `Content Section` from being accessible when section 'unpublished'
    - `List - Content Section`
  • A2 - Disallow `Content Category` from being accessible when category/section 'unpublished'
    - `Table - Content Category`
  • A2 - Disallow `Contact` Categories from being accessible as per category 'access level'
  • A2 - Disallow `Newsfeeds` Categories from being accessible as per category 'access level'
  • A2 - Disallow `Weblinks` Categories from being accessible as per category 'access level'
  • A2 - Disallow `Content Section` from being accessible as per section 'access level'
    - `List - Content Section`
  • A2 - Disallow `Content Category` from being accessible as per section/category 'access level'
    - `Table - Content Category`
  • A2 - Disallow `Content Category` from being accessible as per category 'access level'
    - `Blog - Content Category` & `Blog - Content Category Archive`
  • A2 - Disallow `Content` item links from being visible as per category/section 'access level'
    - mod_newsflash, mod_latestnews, mod_mostread
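
The A2 entries in both lists share one bug class: an item was served after checking only its own state, not the published flag and access level of its parent category or section. The following is an added illustration, not Joomla's own code, of the chain check those fixes enforce; the `published`/`access` field names and the 0 = Public, 1 = Registered, 2 = Special scheme are assumptions.

```php
<?php
// Added illustration (not Joomla's code) of the access rule behind the A2 fixes:
// an item is visible only if it, its category and its section are all published
// AND the viewer's group meets every access level along that chain.
// Assumed 1.0-style scheme: access level and group id 0 = Public, 1 = Registered, 2 = Special.

function isVisible(array $item, ?array $category, ?array $section, int $viewerGid): bool
{
    foreach ([$item, $category, $section] as $node) {
        if ($node === null) {
            continue;                 // components without sections (weblinks, newsfeeds) pass null
        }
        if ((int) $node['published'] !== 1) {
            return false;             // an unpublished ancestor hides the item
        }
        if ((int) $node['access'] > $viewerGid) {
            return false;             // the viewer's group does not meet this access level
        }
    }
    return true;
}

// Constructed sample data: a public, published item under various parents.
$publicItem        = ['published' => 1, 'access' => 0];
$liveCategory      = ['published' => 1, 'access' => 0];
$hiddenCategory    = ['published' => 0, 'access' => 0];   // category unpublished
$registeredSection = ['published' => 1, 'access' => 1];   // section restricted to Registered

// Checking the item alone would serve all four; the chain check refuses the cases
// where the category is unpublished or the guest viewer (gid 0) fails the section level.
$cases = [
    'guest, live category'                 => isVisible($publicItem, $liveCategory, null, 0),
    'guest, unpublished category'          => isVisible($publicItem, $hiddenCategory, null, 0),
    'guest, registered-only section'       => isVisible($publicItem, $liveCategory, $registeredSection, 0),
    'registered user, registered section'  => isVisible($publicItem, $liveCategory, $registeredSection, 1),
];
foreach ($cases as $label => $visible) {
    printf("%-38s %s\n", $label, $visible ? 'served' : 'refused');
}
```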

OWASP Vulnerability Categorization

As part of our improved focus on security, we are adopting the Open Web Application Security Project (OWASP) Top Ten vulnerability categorization system to standardize the categorization of security vulnerability reports. The legend for the vulnerability categories used above is listed below:

  • A1 - Unvalidated Input
  • A2 - Broken Access Control
  • A3 - Broken Authentication and Session Management
  • A6 - Injection Flaws
  • A7 - Improper Error Handling
  • A9 - Denial of Service