'; echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "www.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "www.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "www.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "www.hp-telecom.com") { echo ''; echo 'hp-telecom'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

HTTP Attack (Attack ID:300002)

Release Date:2009-09-27

Attack Name:Joomla invalid token administrative password reset attempt

OS Type

Application Type

Severity:Warning

BUG ID

CVE ID

 

Description

components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly restrict access, which allows remote attackers to reset the 'first enabled user (lowest id)' password, typically for the administrator.

Impact:
Denial of Service. Information disclosure. Loss of integrity. Complete admin access.

Affected Systems:
joomla com_user V1.5
joomla com_user V1.5.1
joomla com_user V1.5.2
joomla com_user V1.5.3
joomla com_user V1.5.4
joomla com_user V1.5.5

Additional References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3681
http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html

 

Solution

Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.