WiredTree Warns Joomla! Users Of Remote Code Execution Vulnerability

10:06:06 - 22 December 2015

WiredTree responds to a remote code execution vulnerability publicized by Ars Technica and has warned users of the popular Joomla! content management system that they should upgrade or patch their installation immediately.

Chicago, IL (PRWEB) - WiredTree, a provider of managed server hosting has warned users of the popular Joomla! content management system that they should upgrade or patch their installation immediately. The warning is motivated by a serious remote code execution vulnerability, widely publicized last week in Ars Technica (Dec 14, 2015), that is being actively exploited by malefactors, with a high likelihood of unpatched sites being targeted.

The vulnerability affects all versions of Joomla! prior to version 3.4.6. Users running the recent 3.X branch of Joomla! should upgrade to version 3.4.6. Users of the end-of-life 1.5.X and 2.5.x versions can apply hot-fixes made available by Joomla!'s developers, and should ideally update to actively maintained versions of the CMS as soon as possible.

Joomla!, while not as popular as WordPress, has a large user base, particularly in the enterprise and among large-scale publishers. Joomla! should not be singled out as insecure - such vulnerabilities have been found in all major content management systems over the years - but it is important to make users of Joomla! aware that they must update as soon as possible.

"As a web hosting company, we support a great many clients that use Joomla! because it's an excellent content management system," says Zac Cogswell, President of WiredTree, "But we feel that because the vulnerability is widespread and is being actively exploited, it's important to get the news out to as many Joomla! users as we can — update your website immediately!"

The vulnerability is a result of the way Joomla! handles session data, essentially allowing a malicious users to leverage HTTP user-agent headers to insert arbitrary data into the site's database. From that point, it's relatively straightforward to have arbitrary code executed by the content management system.

WiredTree is a provider of fully managed web hosting committed to giving its clients the best and safest web hosting available.

About WiredTree

WiredTree specializes in delivering managed hosting experience that places the client in complete command; covering virtual, hybrid, and dedicated web hosting. As champions of customer care, it's no wonder that more than 5,000 clients enjoy WiredTree's free hardware level-ups and a <15 minute average ticket response time. All of this is built on top of only the highest-performing technologies, including LightSpeed web server, MariaDB, memcached, SSD-driven hardware, and an in-house management system called Grove. To learn more about what WiredTree can do for your site, visit http://www.wiredtree.com.


About WiredTree

Overall Rate
Monthly & Annual Awards

WiredTree was formed in June 2006 to set a new standard for managed dedicated and VPS hosting. The goal was to provide our clients with a superior managed hosting environment for our clients through customer service, innovative network design, a unique suite of services, and the latest technological advances in server hardware. A managed hosting environment that not only supported our clients at all levels, but also provided a true value.To realize this goal we created a modernized internal support structure to better handle client issues and... read more

Leave a Comment