HTTP: Joomla! HTTP User Agent Object Injection

An object injection vulnerability has been reported in Joomla! CMS. Successful exploitation allows an attacker to execute arbitrary code in the security context of the web server.

Extended Description

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.

Affected Products

Joomla joomla!

Short Name: HTTP:JOOMLA-CMS-ACE
Severity: Major
Recommended: True
Recommended Action: Drop
Category: HTTP
Keywords: Agent CVE-2015-8562 HTTP Injection Joomla! Object User
Release Date: 05/12/2016
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3658
False Positive: Unknown
Vendors

Joomla

CVSS Score

7.5
