Magento Community Edition 2.x < 2.0.6 Multiple Vulnerabilities
critical Nessus Network Monitor Plugin ID 9694
Synopsis
The remote web server is running an outdated instance of Magento Community Edition (CE) that is affected by multiple attack vectors.
Description
Versions of Magento CE 2.x prior to 2.0.6 are affected by multiple vulnerabilities:

- An unspecified flaw exists in the REST and SOAP APIs that may allow a remote attacker to execute arbitrary PHP code. No further details have been provided.
- A flaw exists that is due to the program leaving the '/app/etc' directory writable. This may allow a remote attacker to execute arbitrary PHP code after performing an unauthorized reinstallation of the program.
- A flaw exists in '/rest/default/V1/guest-carts/<guestCartId>/shipping-information' that is triggered by the insecure deserialization of Java objects during the handling of SOAP or REST calls. This may allow a remote attacker to make changes to arbitrary files, and subsequently to customer accounts.
- A flaw exists that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the Authorize.net Module does not validate input to multiple parameters before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
- A flaw exists in the Quote API that may allow a remote attacker to gain access to private data of registered customers.
- A flaw exists that is due to overly verbose unhandled exception error messages. This may allow a remote attacker to gain access to file path information.