
SUPEE-8788

SUPEE-8788 is a security patch for Magento released on October 11, 2016 that provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting.

In addition to security issues, it also replaced flash image upload in Magento 1.x with HTML5 upload.

Note: Install this and any other missing patches with our Magento Security Patching service or upgrade to Magento 1.9.4.5 with all patches up to August 26, 2021.

Download SUPEE-8788 patch for Magento 1.x

SUPEE-8788 patches packaged as shell scripts (to be applied from the shell) are available for download from the table below. For patches suitable for direct upload via FTP, please check this article instead.
Magento version | SUPEE-8788 | MD5 checksum
Magento CE 1.5.1.0 | SUPEE-8788 1.5.1.0 | 3eb5c7901e20f5fa9de075c25a6490e4
Magento CE 1.6.2.0 | SUPEE-8788 1.6.2.0 | ec92c12afc364d0529aab39e764104a1
Magento CE 1.7.0.2 | SUPEE-8788 1.7.0.2 | 385d5a4d23be84e66b1e1d4be34797ac
Magento CE 1.8.0.0 | SUPEE-8788 1.8.0.0 | ac28755d8be10f2ffb156bf2e2b3ecec
Magento CE 1.8.1.0 | SUPEE-8788 1.8.1.0 | 50a87ada7b2ba88052b97f39c3dafef1
Magento CE 1.9.0.0 | SUPEE-8788 1.9.0.0 | 6015c332a98528ff4e0ca1b9b06cb041
Magento CE 1.9.0.1 | SUPEE-8788 1.9.0.1 | cbbfcfb360c5c45298ea26066d13420b
Magento CE 1.9.1.1 | SUPEE-8788 1.9.1.1 | 60e461a0cf8d54ffe3018394161bd6f8
Magento CE 1.9.2.0 | SUPEE-8788 1.9.2.0 | 66bc35ac045cb29b134cb521415525c5
Magento CE 1.9.2.1 | SUPEE-8788 1.9.2.1 | e6d5f50f3e7d84399258d12a46c10ab3
Magento CE 1.9.2.2 | SUPEE-8788 1.9.2.2 | ee339bcf85a53a8ede670a0a6fcb1d4c
Magento CE 1.9.2.3 | SUPEE-8788 1.9.2.3 | c81a0bc7c8ae95bf99246881112cac8e
Magento CE 1.9.2.4 | SUPEE-8788 1.9.2.4 | 4f2b5e7c734e1c6f31626785988e8397
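
An added example (not part of the original page or of Magento's patch tooling): a POSIX shell check that compares a downloaded patch script's MD5 with the value listed for your Magento version in the table above, so a truncated download or a patch built for another version is caught before it is run. The function names and the file name in the usage comment are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example: check a downloaded SUPEE-8788 patch script against the MD5
# published for your Magento version. A match shows the file is the one the
# table describes (not truncated, not another version's patch).

# Print the lowercase MD5 hex digest of a file with whichever tool is present.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"                      # BSD / macOS
    else
        openssl dgst -md5 -r "$1" | cut -d' ' -f1
    fi
}

# verify_patch FILE EXPECTED_MD5
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_patch() {
    patch_file=$1
    # Normalise the pasted checksum: drop whitespace, fold to lowercase.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    [ -f "$patch_file" ] || { echo "no such file: $patch_file" >&2; return 2; }
    case $expected in
        ''|*[!0-9a-f]*) echo "checksum is not hex: $2" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || { echo "checksum is not 32 hex digits" >&2; return 2; }
    actual=$(file_md5 "$patch_file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $patch_file matches $expected"
        return 0
    fi
    echo "MISMATCH: $patch_file has $actual, expected $expected" >&2
    return 1
}

# Usage (file name is a placeholder; take the checksum from the table row
# for your version):
#   verify_patch ./supee-8788-patch.sh <md5-from-table> && sh ./supee-8788-patch.sh
```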


Several known issues with SUPEE-8788 have been reported; please check this list for details.

Security issues solved in SUPEE-8788

 
APPSEC-1484 – Remote Code Execution in checkout
Type: Remote Code Execution (RCE)
CVSSv3 Severity: 9.8 (Critical)
Known Attacks: None
Description: With some payment methods it might be possible to execute malicious PHP code during checkout.
Product(s) Affected: Magento CE prior to 1.9.3, and Magento EE prior to 1.14.3
Fixed In: CE 1.9.3, EE 1.14.3, SUPEE-8788
Reporter: Peter O’Callaghan

APPSEC-1480 – SQL injection in Zend Framework
Type: SQL Injection/Improper validation
CVSSv3 Severity: 9.1 (Critical)
Known Attacks: None
Description: A bug in Zend Framework value escaping allows a malicious user to inject SQL through the ordering or grouping parameters. While there are no known frontend entry point vulnerabilities that would allow for a full SQL injection, we’ve found an entry point in the Magento Admin panel, and other entry points most likely exist.
Product(s) Affected: Magento CE prior to 1.9.3, and Magento EE prior to 1.14.3
Fixed In: CE 1.9.3, EE 1.14.3, SUPEE-8788
Reporter: Peter O’Callaghan

APPSEC-1488 – Stored XSS in invitations
Type: Cross-Site Scripting (XSS) – Stored
CVSSv3 Severity: 8.2 (High)
Known Attacks: None
Description: It is possible to use the Magento Enterprise Edition invitations feature to insert malicious JavaScript that might be executed in the admin context.
Product(s) Affected: Magento EE prior to 1.14.3
Fixed In: EE 1.14.3, SUPEE-8788
Reporter: Peter O’Callaghan

APPSEC-1247 – Block cache exploit
Type: Information Leakage
CVSSv3 Severity: 7.7 (High)
Known Attacks: None
Description: With access to any CMS functionality, an attacker with administrator permissions can use blocks to exfiltrate information stored in cache. This sensitive information includes store configuration, encryption key, and database connection details. Additionally, it might be possible to execute code.
Product(s) Affected: Magento CE prior to 1.9.3, and Magento EE prior to 1.14.3
Fixed In: CE 1.9.3, EE 1.14.3, SUPEE-8788
Reporter: Peter O’Callaghan

APPSEC-1517 – Log in as another customer
Type: Insufficient data protection
CVSSv3 Severity: 7.5 (High)
Known Attacks: None
Description: In certain configurations, it is possible to log in as an existing store customer while knowing only their email address, not their password.
Product(s) Affected: Magento CE prior to 1.9.3, and Magento EE prior to 1.14.3
Fixed In: CE 1.9.3, EE 1.14.3, SUPEE-8788
Reporter: Peter O’Callaghan

APPSEC-1375 – Remote Code Execution in admin
Type: Remote code execution (RCE)
CVSSv3 Severity: 6.5 (Medium)
Known Attacks: None
Description: The import/export functionality in Magento unserializes data supplied from the Admin dashboard without proper checks. This can lead to possible code execution if a malicious user has Magento Admin access, even if access is limited to the import/export functionality.
Product(s) Affected: Magento CE prior to 1.9.3, and Magento EE prior to 1.14.3
Fixed In: CE 1.9.3, EE 1.14.3, SUPEE-8788
Reporter: Peter O’Callaghan

APPSEC-1338 – Full Page Cache poisoning
Type: Cache Poisoning
CVSSv3 Severity: 6.5 (Medium)
Known Attacks: None
Description: It is possible to manipulate the full page cache to store incorrect pages under regular page URL entries. This issue affects only Magento Enterprise Edition.
Product(s) Affected: Magento EE prior to 1.14.3
Fixed In: EE 1.14.3, SUPEE-8788
Reporter: Peter O’Callaghan

APPSEC-1436 – XSS vulnerability in URL processing
Type: Cross-site Scripting (XSS)
CVSSv3 Severity: 6.1 (Medium)
Known Attacks: None
Description: A Magento function related to URL processing incorrectly uses user-supplied data from request headers. This can result in a cross-site scripting issue.
Product(s) Affected: Magento CE prior to 1.9.3, and Magento EE prior to 1.14.3
Fixed In: CE 1.9.3, EE 1.14.3, SUPEE-8788
Reporter: Internal/support

APPSEC-1211 – XSS in categories management
Type: Cross-site Scripting (XSS)
CVSSv3 Severity: 6.1 (Medium)
Known Attacks: None
Description: It is possible to create a category that contains malicious JavaScript code in the category name. This code will then be executed in other parts of the Admin panel, such as URL Rewrites. To exploit this issue, a user would need admin access to catalog management.
Product(s) Affected: Magento CE prior to 1.9.3, and Magento EE prior to 1.14.3
Fixed In: CE 1.9.3, EE 1.14.3, SUPEE-8788
Reporter: Milan A. Solanki

APPSEC-1058 – GIF flooding
Type: Denial of Service (DoS)
CVSSv3 Severity: 5.3 (Medium)
Known Attacks: None
Description: A malicious user can upload a modified image that could cause a script timeout, resulting in a denial of service attack. (This potential vulnerability affects stores that allow users to upload images as a custom option or through the Admin dashboard.)
Product(s) Affected: Magento CE prior to 1.9.3, and Magento EE prior to 1.14.3
Fixed In: CE 1.9.3, EE 1.14.3, SUPEE-8788
Reporter: Shahmeer Baloch

APPSEC-666 – Cross-site scripting in Flash file uploader
Type: Cross-Site Scripting (XSS) – reflected
CVSSv3 Severity: 5.3 (Medium)
Known Attacks: None
Description: Reflected cross-site scripting is possible on sites that use the file custom option.
Product(s) Affected: Magento CE prior to 1.9.3, and Magento EE prior to 1.14.3
Fixed In: CE 1.9.3, EE 1.14.3, SUPEE-8788
Reporter: Francisco Javier Correa Silva

APPSEC-1282 – Filter avoidance
Type: Filter avoidance
CVSSv3 Severity: 4.9 (Medium)
Known Attacks: None
Description: Implementing filters for XSS in email templates and other Admin features might not be sufficient to stop specially crafted exploit strings.
Product(s) Affected: Magento CE prior to 1.9.3, and Magento EE prior to 1.14.3
Fixed In: CE 1.9.3, EE 1.14.3, SUPEE-8788
Reporter: Peter O’Callaghan

APPSEC-327 – CSRF in several forms
Type: Cross-site Request Forgery (CSRF)
CVSSv3 Severity: 4.7 (Medium)
Known Attacks: None
Description: Improper form key validation leads to possible CSRF attacks on several forms throughout Magento. As a result, a malicious user could create a phishing form that, when clicked by a user, would execute an action such as update cart or login. Note: This issue affects only older versions of Magento.
Product(s) Affected: Magento CE prior to 1.8.1, and Magento EE prior to 1.13.1
Fixed In: CE 1.9.3, EE 1.14.3, SUPEE-8788
Reporter: Internal

APPSEC-1189 – CSRF on removing item from Wishlist or Address Book
Type: Cross-site Request Forgery (CSRF)
CVSSv3 Severity: 4.7 (Medium)
Known Attacks: None
Description: It is possible to create a phishing page that, if visited by a store customer, would delete the customer’s address or wishlist items.
Product(s) Affected: Magento CE prior to 1.9.3, and Magento EE prior to 1.14.3
Fixed In: CE 1.9.3, EE 1.14.3
Reporter: High-Tech Bridge Security Research

APPSEC-1478 – Session does not expire on logout
Type: Insufficient Session Expiration
CVSSv3 Severity: 4.2 (Medium)
Known Attacks: None
Description: Sessions do not expire after logout, making it possible to steal session cookies and access a customer’s account. This risk primarily occurs when users share a computer to access the site.
Product(s) Affected: Magento CE prior to 1.9.3, and Magento EE prior to 1.14.3
Fixed In: CE 1.9.3, EE 1.14.3, SUPEE-8788
Reporter: Mahmoud Osama

APPSEC-1106 – Lack of certificate validation enables MitM attacks
Type: Man-in-the-Middle (MitM)
CVSSv3 Severity: 3.7 (Low)
Known Attacks: None
Description: Lack of certificate validation on calls to external services enables man-in-the-middle attacks on those calls. This results in possible disclosure of customer information. The risk is low due to the effort needed to execute such an attack.
Product(s) Affected: Magento CE prior to 1.9.3, and Magento EE prior to 1.14.3
Fixed In: CE 1.9.3, EE 1.14.3, SUPEE-8788
Reporter: Maksymilian Arciemowicz

APPSEC-995 – Timing attack on hash checking
Type: Timing attack
CVSSv3 Severity: 3.7 (Low)
Known Attacks: None
Description: It is theoretically possible to execute a timing attack on the password checking functionality. This is a low-risk vulnerability due to the effort required to execute this attack successfully.
Product(s) Affected: Magento CE prior to 1.9.3, and Magento EE prior to 1.14.3
Fixed In: CE 1.9.3, EE 1.14.3, SUPEE-8788
Reporter: Teguh P. Alko
 