[opencms-dev] OpenCms security advisory?
Christoph P. Kukulies
kuku at physik.rwth-aachen.de
Fri Jul 28 16:40:46 CEST 2006
On Fri, Jul 28, 2006 at 04:31:54PM +0200, Christian Steinert wrote:
> Christoph P. Kukulies schrieb:
> > Or should one better upgrade every (Internet exposed) site < 6.2.2 now?
> >
>
> P.S. but of course it's still a good idea to update.
> When systems are attacked, then a attacker might combine several ways of
> getting extended access to the system.
>
>
> The possibility that a legal user could try to use these vulnerabilities
> in order to get more permissions is probably not so much of an issue.
>
> But if somebody would find a new and unknown way to access workplace
> functionality without logging in, then they could suddently do lots of
> nasty things by exploiting the issues that are mentioned here.
>
That's what I'm also concerned about. Would there be traces of such attempts
somewhere in the logs?
> Therefore it's still a good idea to guard against such vulnerabilities,
> even if there are no known real-world scenarios of how they would damage
> you.
>
> Christian
--
Chris Christoph P. U. Kukulies kukulies (at) rwth-aachen.de
More information about the opencms-dev
mailing list