Check Point Advisories

Update Protection against Joomla! HTTP Header Script Injection

Check Point Reference: CPAI-2009-215
Date Published: 24 Jul 2009
Severity: High
Last Updated: Thursday 01 January, 2009
Source: SecurityFocus
Industry Reference: N/A
Protection Provided by:
Who is Vulnerable? Joomla! 1.5.11
Vulnerability Description: Joomla! is a content management system (CMS) designed for building Web sites and online applications. Joomla! does not properly parse HTTP headers, allowing an attacker to inject JavaScript or DHTML code that can be executed in the context of a target user's browser.
Vulnerability Details: Joomla!'s HTTP headers are not properly parsed, specifically the HTTP_REFERER variable. An attacker can create a crafted HTTP request with malicious data in the HTTP_REFERER header to perform a cross-site scripting attack against the affected application.
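
The defensive handling this class of flaw calls for, as an added example (not Joomla! code and not Check Point's protection): validate HTTP_REFERER as an http(s) URL, then HTML-escape it at output. The function names and the "back link" output context are assumptions; the advisory does not say where the header value is rendered.

```php
<?php
// Added example. safe_referer(), h() and render_back_link() are hypothetical names.
// Unsafe pattern (hypothetical): the header is concatenated into HTML unmodified:
//   echo '<a href="' . $_SERVER['HTTP_REFERER'] . '">Back</a>';

/** Return the Referer only if it is an absolute http(s) URL, else null. */
function safe_referer(array $server): ?string
{
    $raw = $server['HTTP_REFERER'] ?? '';
    // Reject empty, oversized, or control-character-bearing values.
    if ($raw === '' || strlen($raw) > 2048 || preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    // Reject characters that are not valid unencoded in a URI (RFC 3986).
    if (preg_match('/[<>"`\s]/', $raw)) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Only http/https; this drops javascript:, data: and similar schemes.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $raw;
}

/** HTML-escape for element content and quoted attribute values. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Validation decides whether the value is used; escaping is applied regardless. */
function render_back_link(array $server, string $fallback = '/'): string
{
    $url = safe_referer($server) ?? $fallback;
    return '<a href="' . h($url) . '">Back</a>';
}

// Constructed sample header values (not taken from the advisory).
$samples = [
    'http://example.test/index.php?a=1&b=2',        // kept, "&" escaped on output
    'http://example.test/"><script>x</script>',     // rejected: markup characters
    'javascript:void(0)',                           // rejected: scheme, no host
];
foreach ($samples as $s) {
    echo render_back_link(['HTTP_REFERER' => $s]), "\n";
}
```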

Protection Overview
