Security bulletin: 2010-006
Released: November 8th, 2010
The following issue has been identified:
Synopsis
A possibility of an attack was found that could lead to Denial of Service (DoS) of the store.
State
Resolved in OXID eShop version 4.4.4.
Impact
By creating specially crafted URLs with random data, new SEO URLs are generated each time and stored in the database.
No exploits are known as of today.
Affected products, releases and platforms
Products:
- OXID eShop Enterprise Edition
- OXID eShop Professional Edition
- OXID eShop Community Edition
Releases:
- Professional, Enterprise and Community Edition: 4.0.0.0_13895, 4.0.0.0_13934, 4.0.0.0_14260, 4.0.0.1_14455, 4.0.0.2_14842, 4.0.0.2_14967, 4.0.1.0_15990, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.0, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2 and 4.4.3.
Platforms:
- Above releases are affected on all platforms.
Resolution
The issue has been addressed in the following releases:
- OXID eShop Professional Edition version 4.4.3
- OXID eShop Enterprise Edition version 4.4.3
- OXID eShop Community Edition version 4.4.3
The issue can be fixed manually by changing the following lines in views/tag.php file method render():
|
1 |
<span class="re0">$this</span><span class="sy0">-></span>_aViewData<span class="br0">[</span><span class="st0">'articlelist'</span><span class="br0">]</span> <span class="sy0">=</span> <span class="re0">$this</span><span class="sy0">-></span><span class="me1">getArticleList</span><span class="br0">(</span><span class="br0">)</span><span class="sy0">;</span> |
to:
|
1 2 3 4 5 6 7 |
<span class="re0">$oArticleList</span> <span class="sy0">=</span> <span class="re0">$this</span><span class="sy0">-></span><span class="me1">getArticleList</span><span class="br0">(</span><span class="br0">)</span><span class="sy0">;</span> <span class="co1">//if no articles - showing 404 header (#2139)</span> <span class="kw1">if</span> <span class="br0">(</span> <span class="sy0">!</span><span class="re0">$oArticleList</span> <span class="sy0">||</span> <span class="kw3">count</span><span class="br0">(</span> <span class="re0">$oArticleList</span> <span class="br0">)</span> <span class="sy0"><</span> <span class="nu0">1</span> <span class="br0">)</span> <span class="br0">{</span> error_404_handler<span class="br0">(</span><span class="br0">)</span><span class="sy0">;</span> <span class="br0">}</span> <span class="re0">$this</span><span class="sy0">-></span>_aViewData<span class="br0">[</span><span class="st0">'articlelist'</span><span class="br0">]</span> <span class="sy0">=</span> <span class="re0">$oArticleList</span><span class="sy0">;</span> |
The fix is valid for all affected OXID eShop versions and products.
Credits
The security issue has been reported by Sven Tietje (topconcepts.com).
Stay up-to-date
To receive upcoming OXID Security Bulletins, please subscribe to the mailing lists or the Announcement forum
How to report security issues
Learn how to report security issues in the Security overview page.
Leave a Reply
Want to join the discussion?Feel free to contribute!