{"id":3445,"date":"2016-01-06T12:25:13","date_gmt":"2016-01-06T12:25:13","guid":{"rendered":"https:\/\/unihost.com\/help\/?p=3445"},"modified":"2023-10-06T16:33:34","modified_gmt":"2023-10-06T13:33:34","slug":"critical-0-day-vulnerability-in-cms-joomla","status":"publish","type":"post","link":"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/","title":{"rendered":"Critical 0-day vulnerability in CMS Joomla"},"content":{"rendered":"<p><span style=\"font-family: Ubuntu, sans-serif;\">On December 14, 2015 the Joomla development team released a security <a href=\"https:\/\/developer.joomla.org\/security-centre\/630-20151214-core-remote-code-execution-vulnerability.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">update<\/a> (Joomla 3.4.6) to patch a critical remote code execution vulnerability. Attackers were already probing vulnerable websites before the patch was available.<\/span><\/p>\n<p><span style=\"font-family: Ubuntu, sans-serif;\">The vulnerability was exploited in the wild as a 0-day: the first attempts were detected on December 12, two days before the fix shipped. Access logs of targeted websites contain entries like the following (the serialized payload is abbreviated):<\/span><\/p>\n<p><span style=\"font-family: Ubuntu, sans-serif; font-size: 10pt; color: #808080;\">2015 Dec 12 16:49:07 clienyhidden.access.log Src IP: 74.3.170.33 \/ CAN \/ Alberta 74.3.170.33 - - [12\/Dec\/2015:16:49:40 -0500] \"GET \/contact\/ HTTP\/1.1\" 403 5322 \"http:\/\/google.com\/\" \"}__test|O:21:\\x22JDatabaseDriverMysqli\\x22:3: .. {s:2:\\x22fc\\x22;O:17:\\x22JSimplepieFactory\\x22:0: .. {}s:21:\\x22\\x5C0\\x5C0\\x5C0disconnectHandlers\\x22;a:1:{i:0;a:2:{i:0;O:9:\\x22SimplePie\\x22:5:.. {s:8:\\x22sanitize\\x22;O:20:\\x22JDatabaseDriverMysql\\x22:0:{}s:8:\\x22feed_url\\x22;s:60:..<\/span><\/p>\n<p><span style=\"font-family: Ubuntu, sans-serif;\">Joomla&#8217;s session handling stored the User-Agent and X-Forwarded-For request headers in the session table without filtering them, so an attacker can inject a fragment of PHP serialized-object syntax through either header. What makes the injection parse is MySQL&#8217;s handling of characters in the range U+010000 to U+10FFFF: they need four bytes in UTF-8, but MySQL&#8217;s legacy utf8 character set stores at most three bytes per character, and in the default non-strict mode it silently truncates the value at the first such character instead of rejecting it. Placing one of these characters right after the crafted objects cuts off the rest of the serialized session data that Joomla writes after the header value, leaving a session row that ends exactly where the attacker&#8217;s objects end, so the session decoder reads them as a session value of their own rather than as text inside a string. When Joomla unserializes that session on a later request, the objects are instantiated and their destructors and other magic methods run, which leads to arbitrary code execution. Storing session data with the utf8mb4 character set, or running <a href=\"https:\/\/unihost.com\/en\/dedicated\/database-hosting\/\">MySQL<\/a> in strict mode so that it rejects the value instead of truncating it, removes the truncation the exploit depends on; this is worthwhile hardening, but the real fix is the Joomla update, which filters the headers before they reach the session.<\/span><\/p>\n<p><span style=\"font-family: Ubuntu, sans-serif;\">Joomla 1.5 was released in January 2008, so the flaw has been present in every release for almost eight years. At the time of writing there is no reliable figure for how many websites have been compromised through this 0-day.<\/span><\/p>\n<p><strong><span style=\"font-family: Ubuntu, sans-serif;\">How to protect yourself from 0-day exploits<\/span><\/strong><\/p>\n<p><span style=\"font-family: Ubuntu, sans-serif;\">The vulnerability affects Joomla 1.5.0 through 3.4.5. Every site on the 3.x branch should be updated to 3.4.6 without delay; you can get the release <a href=\"https:\/\/www.joomla.org\/announcements\/release-news\/5641-joomla-3-4-6-released.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">here<\/a>. 
<\/span><br \/>\n<span style=\"font-family: Ubuntu, sans-serif;\">The 1.5.x and 2.5.x branches are out of support, but the project published hotfixes for this issue on both; if you run one of them, install the hotfix for your branch (a user guide for applying hotfixes is available <a href=\"https:\/\/www.ostraining.com\/blog\/joomla\/hotfixes\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">here<\/a>).<\/span><\/p>\n<p><span style=\"font-family: Ubuntu, sans-serif;\">Until the update is applied, Sucuri specialists recommended a stopgap: reject any request whose User-Agent header contains an opening brace, since a serialized PHP object cannot be written without one. With mod_rewrite enabled, the following Apache configuration answers such requests with 403 Forbidden:<\/span><\/p>\n<p><span style=\"font-family: Ubuntu, sans-serif; font-size: 10pt;\">RewriteCond %{HTTP_USER_AGENT} .*\\{.* [NC]<\/span><\/p>\n<p><span style=\"font-family: Ubuntu, sans-serif; font-size: 10pt;\">RewriteRule .* - [F,L]<\/span><\/p>\n<p><span style=\"font-family: Ubuntu, sans-serif;\">This rule inspects only the User-Agent header. The same payload can arrive in X-Forwarded-For, and the rule will also reject the rare legitimate client whose User-Agent happens to contain a brace, so treat it as a temporary way to reduce exposure, not as a substitute for the patch.<\/span><\/p>\n<p><span style=\"font-family: Ubuntu, sans-serif;\">This is not the first time researchers have found serious vulnerabilities in Joomla. Version 3.4.5, released in October 2015, fixed several SQL injection and related flaws (CVE-2015-7297, CVE-2015-7857, CVE-2015-7858).<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On December 14, 2015 the Joomla development team released a security update to patch a critical remote code execution vulnerability. Attackers were already probing vulnerable websites before the patch was available. The vulnerability was exploited in the wild as a 0-day: the first attempts were detected on December 12. 
Log entries of websites that have [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[251],"tags":[422,15,14],"class_list":["post-3445","post","type-post","status-publish","format-standard","hentry","category-cms-joomla","tag-cms-2","tag-cms","tag-joomla"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Critical 0-day vulnerability in CMS Joomla - Unihost.FAQ<\/title>\n<meta name=\"description\" content=\"\u2714 Critical 0-day vulnerability in CMS Joomla \u2714 How to protect yourself from 0-day exploits \u2714 CMS Joomla - Unihost.FAQ\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical 0-day vulnerability in CMS Joomla - Unihost.FAQ\" \/>\n<meta property=\"og:description\" content=\"\u2714 Critical 0-day vulnerability in CMS Joomla \u2714 How to protect yourself from 0-day exploits \u2714 CMS Joomla - Unihost.FAQ\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/\" \/>\n<meta property=\"og:site_name\" content=\"Unihost.FAQ\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/unihost\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-01-06T12:25:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-06T13:33:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/unihost.com\/help\/minio.php?.\/unihost-logo-alt.png\" \/>\n\t<meta property=\"og:image:width\" 
content=\"250\" \/>\n\t<meta property=\"og:image:height\" content=\"141\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Unihost Support\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@unihost\" \/>\n<meta name=\"twitter:site\" content=\"@unihost\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Unihost Support\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/\"},\"author\":{\"name\":\"Unihost Support\",\"@id\":\"https:\/\/unihost.com\/help\/#\/schema\/person\/bb5ae95f38577c920e6a7507888b715a\"},\"headline\":\"Critical 0-day vulnerability in CMS Joomla\",\"datePublished\":\"2016-01-06T12:25:13+00:00\",\"dateModified\":\"2023-10-06T13:33:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/\"},\"wordCount\":394,\"publisher\":{\"@id\":\"https:\/\/unihost.com\/help\/#organization\"},\"keywords\":[\"CMS\",\"CMS\",\"Joomla\"],\"articleSection\":[\"CMS Joomla\"],\"inLanguage\":\"en\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/\",\"url\":\"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/\",\"name\":\"Critical 0-day vulnerability in CMS Joomla - Unihost.FAQ\",\"isPartOf\":{\"@id\":\"https:\/\/unihost.com\/help\/#website\"},\"datePublished\":\"2016-01-06T12:25:13+00:00\",\"dateModified\":\"2023-10-06T13:33:34+00:00\",\"description\":\"\u2714 
Critical 0-day vulnerability in CMS Joomla \u2714 How to protect yourself from 0-day exploits \u2714 CMS Joomla - Unihost.FAQ\",\"breadcrumb\":{\"@id\":\"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/#breadcrumb\"},\"inLanguage\":\"en\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Unihost\",\"item\":\"https:\/\/unihost.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Help\",\"item\":\"https:\/\/unihost.com\/help\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Critical 0-day vulnerability in CMS Joomla\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/unihost.com\/help\/#website\",\"url\":\"https:\/\/unihost.com\/help\/\",\"name\":\"Unihost.FAQ\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/unihost.com\/help\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/unihost.com\/help\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/unihost.com\/help\/#organization\",\"name\":\"Unihost\",\"alternateName\":\"Unihost\",\"url\":\"https:\/\/unihost.com\/help\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en\",\"@id\":\"https:\/\/unihost.com\/help\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/unihost.com\/help\/minio.php?2026\/01\/minio.png\",\"contentUrl\":\"https:\/\/unihost.com\/help\/minio.php?2026\/01\/minio.png\",\"width\":300,\"height\":300,\"caption\":\"Unihost\"},\"image\":{\"@id\":\"https:\/\/unihost.com\/help\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.faceb
ook.com\/unihost\/\",\"https:\/\/x.com\/unihost\",\"https:\/\/www.instagram.com\/unihost\/?hl=en\",\"https:\/\/www.linkedin.com\/company\/unihost-com\",\"https:\/\/www.youtube.com\/channel\/UCITKsxMDnslQY8brN3advgw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/unihost.com\/help\/#\/schema\/person\/bb5ae95f38577c920e6a7507888b715a\",\"name\":\"Unihost Support\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en\",\"@id\":\"https:\/\/unihost.com\/help\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a0c9db17c2a0d93e8a0d5ac123f8c5db750ad4d3d5657369c0c4e480f5af77b8?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a0c9db17c2a0d93e8a0d5ac123f8c5db750ad4d3d5657369c0c4e480f5af77b8?s=96&d=mm&r=g\",\"caption\":\"Unihost Support\"},\"sameAs\":[\"https:\/\/unihost.com\/\"],\"url\":\"https:\/\/unihost.com\/help\/author\/support\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Critical 0-day vulnerability in CMS Joomla - Unihost.FAQ","description":"\u2714 Critical 0-day vulnerability in CMS Joomla \u2714 How to protect yourself from 0-day exploits \u2714 CMS Joomla - Unihost.FAQ","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/","og_locale":"en_US","og_type":"article","og_title":"Critical 0-day vulnerability in CMS Joomla - Unihost.FAQ","og_description":"\u2714 Critical 0-day vulnerability in CMS Joomla \u2714 How to protect yourself from 0-day exploits \u2714 CMS Joomla - 
Unihost.FAQ","og_url":"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/","og_site_name":"Unihost.FAQ","article_publisher":"https:\/\/www.facebook.com\/unihost\/","article_published_time":"2016-01-06T12:25:13+00:00","article_modified_time":"2023-10-06T13:33:34+00:00","og_image":[{"width":250,"height":141,"url":"https:\/\/unihost.com\/help\/minio.php?.\/unihost-logo-alt.png","type":"image\/png"}],"author":"Unihost Support","twitter_card":"summary_large_image","twitter_creator":"@unihost","twitter_site":"@unihost","twitter_misc":{"Written by":"Unihost Support","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/#article","isPartOf":{"@id":"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/"},"author":{"name":"Unihost Support","@id":"https:\/\/unihost.com\/help\/#\/schema\/person\/bb5ae95f38577c920e6a7507888b715a"},"headline":"Critical 0-day vulnerability in CMS Joomla","datePublished":"2016-01-06T12:25:13+00:00","dateModified":"2023-10-06T13:33:34+00:00","mainEntityOfPage":{"@id":"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/"},"wordCount":394,"publisher":{"@id":"https:\/\/unihost.com\/help\/#organization"},"keywords":["CMS","CMS","Joomla"],"articleSection":["CMS Joomla"],"inLanguage":"en"},{"@type":"WebPage","@id":"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/","url":"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/","name":"Critical 0-day vulnerability in CMS Joomla - Unihost.FAQ","isPartOf":{"@id":"https:\/\/unihost.com\/help\/#website"},"datePublished":"2016-01-06T12:25:13+00:00","dateModified":"2023-10-06T13:33:34+00:00","description":"\u2714 Critical 0-day vulnerability in CMS Joomla \u2714 How to protect yourself from 0-day exploits \u2714 CMS Joomla - 
Unihost.FAQ","breadcrumb":{"@id":"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/#breadcrumb"},"inLanguage":"en","potentialAction":[{"@type":"ReadAction","target":["https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/unihost.com\/help\/critical-0-day-vulnerability-in-cms-joomla\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Unihost","item":"https:\/\/unihost.com\/"},{"@type":"ListItem","position":2,"name":"Help","item":"https:\/\/unihost.com\/help\/"},{"@type":"ListItem","position":3,"name":"Critical 0-day vulnerability in CMS Joomla"}]},{"@type":"WebSite","@id":"https:\/\/unihost.com\/help\/#website","url":"https:\/\/unihost.com\/help\/","name":"Unihost.FAQ","description":"","publisher":{"@id":"https:\/\/unihost.com\/help\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/unihost.com\/help\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en"},{"@type":"Organization","@id":"https:\/\/unihost.com\/help\/#organization","name":"Unihost","alternateName":"Unihost","url":"https:\/\/unihost.com\/help\/","logo":{"@type":"ImageObject","inLanguage":"en","@id":"https:\/\/unihost.com\/help\/#\/schema\/logo\/image\/","url":"https:\/\/unihost.com\/help\/minio.php?2026\/01\/minio.png","contentUrl":"https:\/\/unihost.com\/help\/minio.php?2026\/01\/minio.png","width":300,"height":300,"caption":"Unihost"},"image":{"@id":"https:\/\/unihost.com\/help\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/unihost\/","https:\/\/x.com\/unihost","https:\/\/www.instagram.com\/unihost\/?hl=en","https:\/\/www.linkedin.com\/company\/unihost-com","https:\/\/www.youtube.com\/channel\/UCITKsxMDnslQY8brN3advgw"]},{"@type":"Person","@id":"https:\/\/unihost.com\/help\/#\/schema\/person\/bb5ae95f38577c920
e6a7507888b715a","name":"Unihost Support","image":{"@type":"ImageObject","inLanguage":"en","@id":"https:\/\/unihost.com\/help\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a0c9db17c2a0d93e8a0d5ac123f8c5db750ad4d3d5657369c0c4e480f5af77b8?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a0c9db17c2a0d93e8a0d5ac123f8c5db750ad4d3d5657369c0c4e480f5af77b8?s=96&d=mm&r=g","caption":"Unihost Support"},"sameAs":["https:\/\/unihost.com\/"],"url":"https:\/\/unihost.com\/help\/author\/support\/"}]}},"_links":{"self":[{"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/posts\/3445","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/comments?post=3445"}],"version-history":[{"count":10,"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/posts\/3445\/revisions"}],"predecessor-version":[{"id":16341,"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/posts\/3445\/revisions\/16341"}],"wp:attachment":[{"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/media?parent=3445"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/categories?post=3445"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unihost.com\/help\/wp-json\/wp\/v2\/tags?post=3445"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
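The mechanism and the stopgap described in the post above, turned into detection logic that can be run over a site's access log. This is an added example and not code from the original post or from the Joomla project: it parses combined-format log entries, undoes the web server's \xHH log escaping so header bytes can be inspected as UTF-8, and flags three signals in the User-Agent and X-Forwarded-For values: the header of a serialized PHP object, the }__test| marker seen in the quoted log entry, and any code point above U+FFFF (the 4-byte character that makes MySQL's 3-byte utf8 truncate the session row). A helper mirrors the User-Agent RewriteCond so the output shows what that rule blocks and what it lets through. The trailing quoted X-Forwarded-For field in the log format and the log lines themselves (documentation-range IPs) are constructed for this example.

```python
import re

# Combined log format, the layout of the entry quoted in the post, plus one
# extra trailing quoted field for X-Forwarded-For ("-" when the header is absent).
# That extra field is an assumption of this example, not something the post shows.
QUOTED = r'(?:[^"\\]|\\.)*'
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    + r'"(?P<request>' + QUOTED + r')" (?P<status>\d{3}) (?P<size>\S+) '
    + r'"(?P<referer>' + QUOTED + r')" "(?P<ua>' + QUOTED + r')"'
    + r'(?: "(?P<xff>' + QUOTED + r')")?\s*$'
)

# Apache escapes a quote inside a header as \" and any non-printable byte as \xHH;
# nginx escapes quotes and backslashes as \x22 and \x5C, which is why the quoted
# entry shows \x22 where PHP's format has a plain quote. Both forms are handled.
LOG_ESC = re.compile(r'\\x([0-9A-Fa-f]{2})|\\(["\\])')

# Header of a serialized PHP object, e.g. O:21:"JDatabaseDriverMysqli":3:{
PHP_OBJECT_RE = re.compile(r'O:\d+:"[A-Za-z_][\w\\]*":\d+:\{')
# Prefix of the in-the-wild payload quoted in the post.
JOOMLA_MARKER = '}__test|'


def unescape_log(field: str) -> str:
    """Undo the log escaping and decode the resulting raw bytes as UTF-8."""
    buf = bytearray()
    pos = 0
    for m in LOG_ESC.finditer(field):
        buf += field[pos:m.start()].encode('utf-8')
        if m.group(1):
            buf.append(int(m.group(1), 16))
        else:
            buf += m.group(2).encode('utf-8')
        pos = m.end()
    buf += field[pos:].encode('utf-8')
    return buf.decode('utf-8', errors='replace')


def inspect_header(value: str) -> list:
    """Signals that a decoded header value carries the Joomla session injection."""
    findings = []
    if JOOMLA_MARKER in value:
        findings.append('joomla-marker')
    if PHP_OBJECT_RE.search(value):
        findings.append('php-object')
    # A code point above U+FFFF takes four bytes in UTF-8. MySQL's legacy 3-byte
    # utf8 charset truncates the stored value at such a character, which is what
    # makes the injected objects end exactly where the attacker wants them to.
    if any(ord(ch) > 0xFFFF for ch in value):
        findings.append('4byte-utf8')
    return findings


def parse_line(line: str):
    """Split one log line into fields; header values come back decoded."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec['ua'] = unescape_log(rec['ua'])
    rec['xff'] = unescape_log(rec['xff'] or '-')
    return rec


def scan_line(line: str) -> list:
    """Findings for one log line, prefixed with the header they were found in."""
    rec = parse_line(line)
    if rec is None:
        return ['unparsed']
    return [f'{name}:{f}' for name in ('ua', 'xff') for f in inspect_header(rec[name])]


def apache_stopgap_blocks(user_agent: str) -> bool:
    """Mirror of the post's rule: RewriteCond %{HTTP_USER_AGENT} .*\\{.* [NC]"""
    return '{' in user_agent


# Constructed sample log lines (not real traffic); IPs are from documentation ranges.
SAMPLE_LOG = [
    # ordinary visitor
    '203.0.113.5 - - [12/Dec/2015:16:49:40 -0500] "GET /contact/ HTTP/1.1" 200 5322 '
    '"http://google.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0" "-"',
    # shape of the payload quoted in the post: marker, objects, then U+1F600, a
    # 4-byte character that the server logs as \xF0\x9F\x98\x80
    '198.51.100.7 - - [12/Dec/2015:16:49:41 -0500] "GET /contact/ HTTP/1.1" 403 5322 '
    r'"http://google.com/" "}__test|O:21:\x22JDatabaseDriverMysqli\x22:3:{s:2:\x22fc\x22;'
    r'O:17:\x22JSimplepieFactory\x22:0:{}}\xF0\x9F\x98\x80 Mozilla/5.0" "-"',
    # the same objects carried in X-Forwarded-For behind a clean User-Agent
    '198.51.100.8 - - [12/Dec/2015:16:49:42 -0500] "GET /contact/ HTTP/1.1" 200 5322 '
    r'"-" "Mozilla/5.0 (Windows NT 6.1) Chrome/47.0" "O:8:\x22stdClass\x22:0:{}\xF0\x9F\x98\x80"',
    # a harmless User-Agent that happens to contain a brace
    '203.0.113.9 - - [12/Dec/2015:16:50:01 -0500] "GET / HTTP/1.1" 200 1204 '
    '"-" "InternalMonitor/1.0 {site-check}" "-"',
]

if __name__ == '__main__':
    for line in SAMPLE_LOG:
        rec = parse_line(line)
        verdict = 'blocked' if rec and apache_stopgap_blocks(rec['ua']) else 'passed'
        print(rec['ip'] if rec else '?', scan_line(line), 'stopgap:', verdict)
```

Run as a script it classifies the four samples: the User-Agent payload is caught by both the scanner and the brace rule, the X-Forwarded-For payload is caught only by the scanner, and the monitoring client with a brace in its User-Agent is rejected by the rule although it carries nothing. On a real server, feed the site's access log to scan_line and treat a hit as an attempt that warrants a look at the session table and the web root, since the log shows that the injection was sent, not whether it succeeded.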