- Project: Joomla!
- Subproject: All
- Severity: Low
- Versions: 1.5.14 and all previous 1.5 releases
- Exploit type: Disclosure Extension Version
- Reported Date: 13-October-2009
- Fixed Date: 2009-Nov-03
Description
It is possible to read the contents of an XML file’s extension and find the version number of the installed extensions. This Could Known to allow people to exploit security flaws for a specific version of an extension.
Affected Installs
All 1.5.x installs prior to and Including 1.5.14 are affected.
Solution
Turn on and configure your Apache mod_rewrite. Htaccess file to filter out XML files. In the htaccess.txt file shipped with version 1.5.15, lines 35-39 Contain example code That will deny access to XML files. You can built this code (or similar code) into your. Htaccess file. Be sure to test That it does not cause problems on your site.
Reported by WHK and Gerg? Erd? Is