
Update Protection against Joomla! HTTP Header Script Injection


Check Point Reference: CPAI-2009-215
Date Published:
Severity:
Source: SecurityFocus
Industry Reference(s): N/A
Protection Provided by: IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
Joomla! 1.5.11
Vulnerability Description
Joomla! is a content management system (CMS) designed for building Web sites and online applications. Joomla! fails to properly parse HTTP headers, allowing an attacker to inject JavaScript or DHTML code that is then executed in the context of a target user's browser.
Vulnerability Details
Joomla!'s HTTP headers are not properly parsed, specifically the HTTP_REFERER variable. An attacker can create a crafted HTTP request with malicious data in the HTTP_REFERER header to perform a cross-site scripting attack against the affected application.

Protection Overview

By enabling this protection, IPS-1 will detect and block HTTP requests with JavaScript embedded in the HTTP Referer header.
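The check described above, as an added illustration rather than Check Point's actual signature: parse a raw HTTP request, pull out the Referer header, URL-decode it (including double encoding) and flag script-like content. The marker patterns and sample requests are constructed for this example.

```python
import re
from urllib.parse import unquote

# Hypothetical marker set for this example; the real IPS-1 signature is not public.
SCRIPT_MARKERS = re.compile(
    r"<\s*script\b|javascript\s*:|<\s*[a-z]+[^>]*\bon[a-z]+\s*=",
    re.IGNORECASE,
)


def parse_headers(raw_request: bytes) -> dict:
    """Split a raw HTTP/1.x request into a dict of lower-cased header names."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def normalize(value: str) -> str:
    """URL-decode repeatedly so %3Cscript%3E and %253Cscript%253E both resolve."""
    prev = None
    for _ in range(3):
        if value == prev:
            break
        prev, value = value, unquote(value)
    return value


def referer_has_script(raw_request: bytes) -> bool:
    """True when the Referer header carries script-like content after decoding."""
    referer = parse_headers(raw_request).get("referer")
    if referer is None:
        return False
    return bool(SCRIPT_MARKERS.search(normalize(referer)))


# Constructed sample requests (not captured traffic).
BENIGN = (b"GET /index.php HTTP/1.1\r\nHost: example.test\r\n"
          b"Referer: http://example.test/index.php?option=com_content\r\n\r\n")
PLAIN = (b"GET /index.php HTTP/1.1\r\nHost: example.test\r\n"
         b"Referer: http://example.test/<ScRiPt>alert(1)</script>\r\n\r\n")
ENCODED = (b"GET /index.php HTTP/1.1\r\nHost: example.test\r\n"
           b"Referer: http://example.test/%253Cscript%253Ealert(1)\r\n\r\n")
NO_REFERER = b"GET /index.php HTTP/1.1\r\nHost: example.test\r\n\r\n"
```

Running `referer_has_script` over the four samples flags only the plain and encoded script cases; the decoding loop is what keeps percent-encoded variants from slipping past the pattern.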

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Web Intelligence > WWW 2, and select the XSS Attacks protection group.
3. Click Joomla! HTTP-Referrer XSS (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?

Upon attack, the following entries will be logged:

Alert Name: XSS Attacks
Description: Joomla! HTTP-Referrer XSS