
Update Protection against Joomla! "X_CMS_LIBRARY_PATH" Directory Traversal Vulnerability


Check Point Reference: CPAI-2009-011
Date Published:
Severity:
Source: Secunia Advisory: SA33377
Industry Reference(s): CVE-2009-0113
Protection Provided by:
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
Joomla! version 1.5.8 (other versions may also be affected)
Vulnerability Description
A directory traversal vulnerability was detected in Joomla!, an open-source content management system (CMS). The vulnerability can be exploited to disclose sensitive information by accessing normally-inaccessible files on the server via directory traversal attacks.

Update/Patch Available
Vendor advisory along with upgrade information:
http://www.joomla.org/announcements/release-news/5226-joomla-159-security-release-now-available.html
Vulnerability Details
Specifically, input passed to the "X_CMS_LIBRARY_PATH" HTTP header handled in plugins/editors/xstandard/attachmentlibrary.php is not properly verified before being used. A remote attacker can exploit this to display arbitrary directory contents.
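The following is an added example, not code from the advisory, Check Point or the Joomla! project. It shows the two things a defender wants around this class of bug: the containment check the vulnerable script lacked (resolve a client-supplied library subpath and refuse anything that escapes the configured root, including percent-encoded dot segments), and a small inspector that classifies raw HTTP request headers the way an IPS signature for the "X_CMS_LIBRARY_PATH" header would. The library root, the header spelling with dashes, and the sample requests are constructed assumptions for illustration.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumed library root (constructed for this example; the real path depends on
# the site's installation). Everything the client asks for must stay under it.
LIBRARY_ROOT = "/var/www/joomla/images/stories"


def resolve_library_path(header_value: str, root: str = LIBRARY_ROOT) -> Optional[str]:
    """Map a client-supplied library subpath to an absolute path under `root`.

    Returns None when the value would resolve outside the root, which is the
    condition a hardened attachmentlibrary.php would need to reject.
    """
    # Decode percent-encoding twice so that double-encoded dots (%252e) are
    # seen for what they are before normalisation.
    decoded = header_value
    for _ in range(2):
        decoded = unquote(decoded)
    # NUL bytes and backslashes have no place in a library subpath; some
    # stacks treat a backslash as a separator, so treat both as hostile.
    if "\x00" in decoded or "\\" in decoded:
        return None
    # Treat the value as relative to the root, collapse "." and "..", and then
    # check containment on the normalised result rather than on the raw string.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def inspect_request(raw_headers: str) -> dict:
    """Classify the X_CMS_LIBRARY_PATH header of one raw HTTP request.

    Returns {'present', 'value', 'traversal'}; 'traversal' is True when the
    header is present and its value escapes LIBRARY_ROOT. The header name is
    matched case-insensitively with '-' and '_' treated alike, since PHP
    exposes "X-CMS-Library-Path" as HTTP_X_CMS_LIBRARY_PATH.
    """
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().replace("-", "_").upper() == "X_CMS_LIBRARY_PATH":
            value = value.strip()
            return {
                "present": True,
                "value": value,
                "traversal": resolve_library_path(value) is None,
            }
    return {"present": False, "value": None, "traversal": False}


# Constructed sample requests (not captured traffic) covering the cases the
# check must separate: a benign subpath, a plain traversal, an encoded
# traversal, and a request without the header at all.
_REQ = "GET /plugins/editors/xstandard/attachmentlibrary.php HTTP/1.1\r\nHost: example.test\r\n"
SAMPLE_REQUESTS = {
    "benign": _REQ + "X-CMS-Library-Path: images/stories\r\n",
    "traversal": _REQ + "X-CMS-Library-Path: ../../../../etc\r\n",
    "encoded": _REQ + "X-CMS-Library-Path: %2e%2e/%2e%2e/%2e%2e/etc\r\n",
    "no_header": _REQ,
}


if __name__ == "__main__":
    for label, request in SAMPLE_REQUESTS.items():
        verdict = inspect_request(request)
        print(f"{label:10s} present={verdict['present']} traversal={verdict['traversal']}")
```

The containment test compares the normalised absolute path with the root rather than searching the raw header for "..", so encoded and redundant segments ("a/../../x") are caught by the same rule; the inspector reuses that function so a detection verdict and the application-side rejection cannot drift apart.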

Protection Overview
By enabling this protection, IPS-1 will detect and block attempts to access files outside the root directory of the Joomla! server.

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Web Intelligence > WWW2, and select the CGI Attacks protection group.
3. Click Joomla! Path Traversal (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

Alert Name: WWW/CGI Attacks Protection Group
Description: Joomla! Path Traversal