[opencms-dev] OpenCms security advisory?

Christoph P. Kukulies kuku at physik.rwth-aachen.de
Fri Jul 28 16:40:46 CEST 2006


On Fri, Jul 28, 2006 at 04:31:54PM +0200, Christian Steinert wrote:
> Christoph P. Kukulies wrote:
> > Or should one better upgrade every (Internet exposed) site < 6.2.2 now?
> > 
> 
> P.S. but of course it's still a good idea to update.
> When systems are attacked, then an attacker might combine several ways of
> getting extended access to the system.
> 
> 
> The possibility that a legal user could try to use these vulnerabilities
> in order to get more permissions is probably not so much of an issue.
> 
> But if somebody would find a new and unknown way to access workplace
> functionality without logging in, then they could suddenly do lots of
> nasty things by exploiting the issues that are mentioned here.
> 

That's what I'm also concerned about. Would there be traces of such attempts
somewhere in the logs?  


> Therefore it's still a good idea to guard against such vulnerabilities,
> even if there are no known real-world scenarios of how they would damage
> you.
> 
> Christian

--
Chris Christoph P. U. Kukulies kukulies (at) rwth-aachen.de


