Author Topic: Magento not fully patched?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32549
  • malware fighter
Magento not fully patched?
« on: January 30, 2020, 12:33:10 PM »
In the light of this security advice: https://helpx.adobe.com/security/products/magento/apsb20-02.html
Checked https://www.magereport.com/scan/?s=https://bb.qsl-webshop.com/ (a Magento 1.0 end-of-life, low-risk site)
Not secure connection: -https://195.160.161.138/
No direct IP related detections: https://www.virustotal.com/gui/ip-address/195.160.161.138/relations
Consider also: https://sitereport.netcraft.com/?url=https%3A%2F%2Fbb.qsl-webshop.com%2Fbb_pl_pl%2Fcustomer%2Faccount%2Flogin%2F

jQuery vulnerability:
Quote
jquery   1.12.4   Found in -https://bb.qsl-webshop.com/static/version1580133709/frontend/Qsl/bb/pl_PL/jquery.min.js
Vulnerability info:
Medium  3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   
knockout   3.4.2   Found in -https://bb.qsl-webshop.com/static/version1580133709/frontend/Qsl/bb/pl_PL/knockoutjs/knockout.min.js
Vulnerability info:
Medium   XSS injection point in attr name binding for browser IE7 and older

Header insecurity:
Quote
7.8
CVE-2018-16843
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
7.8
CVE-2018-16844
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
7.8
CVE-2018-16845
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
5.8
CVE-2019-20372
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
4.3
&
Quote
Query JavaScript Library, headers - 1.12.4
7.2
NODEJS:328
Cross-Site Scripting (XSS)
7.2
NODEJS:329
XSS via improper selector detection
7.2
NODEJS:330
Exceeding Stack Call Limit DoS
5.3


polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: January 30, 2020, 12:35:20 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Magento not fully patched?
« Reply #1 on: February 05, 2020, 11:50:31 PM »
Hi Jose696,

The site is a WordPress CMS website all right, but it is not that bad security-wise (it is a nice website ;).
Neatly configured, with user enumeration as well as directory listing both set to disabled.

Linked site OK: Linked Sites
Google Safe Browse checks have been performed on each of the linked sites.
Links with poor reputation could be a threat to users of the site. Hosting and location are also included in the results.

Externally Linked Host   Hosting Provider   Country
-www.dmca.com   Microsoft Corporation   Unite
Google Safebrowsing rates it as OK.

Hints toward improvement: https://webhint.io/scanner/d1f2dfff-c35d-4dd9-867f-fcf6b64e7451
Just the security header for access-control-allow-origin is being returned.

Retirable jQuery library detected: jquery   1.12.4-wp   Found in -https://tuwebdecero.com/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4-wp.js
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

Blocking users should block 34% of trackers and 34% of ads on the website according to ZenMate Web Firewall.

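Both posts flag jQuery 1.12.4 for CVE-2019-11358 (jQuery.extend(true, {}, ...) mishandling a "__proto__" key). The following is an added illustration, written here and not jQuery's source code, of why the scanner's advice to retire that version matters: a simplified deep-merge in the pre-3.4.0 shape beside the one-line key check jQuery 3.4.0 added, run over a constructed untrusted JSON input.

```javascript
// Simplified model of jQuery.extend(true, target, source). Illustration only,
// not jQuery's own code; the guardProto flag switches the 3.4.0 fix on or off.
function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

function deepExtend(target, source, guardProto) {
  for (const name of Object.keys(source)) {
    // The check jQuery 3.4.0 added. Without it, reading target["__proto__"]
    // yields Object.prototype, which then becomes the merge target for the
    // nested object, so every object in the process gains the injected keys.
    if (guardProto && name === "__proto__") continue;
    const copy = source[name];
    if (isPlainObject(copy)) {
      const src = target[name];
      const clone = isPlainObject(src) ? src : {};
      target[name] = deepExtend(clone, copy, guardProto);
    } else if (copy !== undefined) {
      target[name] = copy;
    }
  }
  return target;
}

// Pre-3.4.0 behaviour (vulnerable) and 3.4.0+ behaviour (fixed).
const deepExtendVulnerable = (t, s) => deepExtend(t, s, false);
const deepExtendFixed = (t, s) => deepExtend(t, s, true);

// Constructed untrusted input, e.g. a JSON body a page merges into its settings.
// JSON.parse creates an own property literally named "__proto__", unlike an
// object literal, so Object.keys() enumerates it.
const UNTRUSTED_JSON = '{"__proto__": {"polluted": "yes"}, "theme": "dark"}';

// Runs one merge implementation over the input and reports whether an
// unrelated, freshly created object now sees the injected key.
function pollutesPrototype(extendFn) {
  extendFn({}, JSON.parse(UNTRUSTED_JSON));
  const leaked = ({}).polluted === "yes";
  delete Object.prototype.polluted; // undo the pollution so later code is unaffected
  return leaked;
}
```

A version check alone (jQuery < 3.4.0) is the practical detection here; the merge above only shows what that version boundary protects against.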