
MAGENTO SECURITY PATCH SUPEE-6482 RELEASED

SUPEE-6482 is a bundle of patches that resolve several security-related issues.

Several issues affecting Magento products were found, each with a CVSSv3 severity rating. A few of the bugs are listed below:

Issue Type: Remote File Inclusion

| CVSSv3 Severity | Security Bug | Description |
| --- | --- | --- |
| 5.3 (Medium) | Error Reporting in Setup Exposes Configuration | Incorrect encoding of API password can lead to probing internal network resources or remote file inclusion. |

Issue Type: Remote Code Execution (RCE)

| CVSSv3 Severity | Security Bug | Description |
| --- | --- | --- |
| 6.5 (Medium) | Autoloaded File Inclusion in Magento SOAP API | Incorrect validation of a SOAP API request makes it possible to autoload code. The exploit requires the attacker to first log in with API credentials. Depending on the PHP version and/or configuration settings, code can then be loaded from a remote location. |

Issue Type: Cross-site Scripting (XSS) – Stored / Cache Poisoning

| CVSSv3 Severity | Security Bug | Description |
| --- | --- | --- |
| 9.3 (Critical) | Cross site scripting with error messages/CSRF/Session fixation | Unvalidated host header leaks into response and page. Because the page can be cached, this leak poses a risk for all store customers because any HTML or JavaScript code can be injected. Such an exploit works only with specific server configurations, and allows an attacker to intercept a session or modify a page with fake credit card forms, etc. |
| 9.3 (Critical) | Cross-site Scripting in Gift Registry Search | Cross-site scripting vulnerability affects registered users. The attack is carried out through an unescaped search parameter. Risk of cookie theft and impersonation of the user. |

Source: Magento
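
The host-header issue in the table above comes down to request data reaching a cacheable page without validation. As an added example (not code from Magento or from the patch; the function names, hostnames and allowlist are assumptions), a PHP application can check the Host header against a configured allowlist and still escape the value on output:

```php
<?php
// Added illustration; helper names and hostnames are hypothetical.

// Constructed allowlist: the hostnames this store is actually served on.
const ALLOWED_HOSTS  = ['shop.example.com', 'www.shop.example.com'];
const CANONICAL_HOST = 'shop.example.com';

/**
 * Return the normalized host if the raw Host header is on the allowlist,
 * otherwise null. IPv6 literals are not handled and are rejected.
 */
function validatedHost(?string $rawHost): ?string
{
    if ($rawHost === null) {
        return null;
    }
    // A legitimate value is a hostname with an optional port and nothing else.
    if (!preg_match('/^([A-Za-z0-9.-]+)(?::\d{1,5})?$/D', $rawHost, $m)) {
        return null;
    }
    $host = strtolower(rtrim($m[1], '.'));
    return in_array($host, ALLOWED_HOSTS, true) ? $host : null;
}

/**
 * Build the "back to store" link for an error page. The output depends only
 * on configured hostnames, so a cached copy is the same for every visitor.
 */
function errorPageLink(?string $rawHost): string
{
    // Fall back to the configured host instead of reflecting an unknown one.
    $host = validatedHost($rawHost) ?? CANONICAL_HOST;
    $url  = 'https://' . $host . '/';
    // Escape on output as well, so an allowlist mistake cannot become markup.
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">Back to store</a>';
}

// Constructed sample Host header values, including malformed ones.
$samples = ['shop.example.com', 'SHOP.example.com:443', 'unknown.example.net', 'shop.example.com"<b>', null];
foreach ($samples as $raw) {
    printf("%-28s => %s\n", var_export($raw, true), errorPageLink($raw));
}
```

The same allowlist can also be enforced in the web server's virtual host configuration, so that requests with an unexpected Host value never reach the application.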

Magento highly recommends deploying these new security patches right away to ensure optimal security and performance.

What else can be done to protect a Magento site?

Apart from installing the security patches, you can ask Magento certified professionals to conduct a security audit every quarter to ensure that your store is secure, especially if you have installed new extensions or made changes to the site.

Consult our certified Magento developers if you want to implement this security patch. If you have any questions regarding the Magento SUPEE-6482 security patch, please contact our support team.
