• twitter image
  • facebook image
  • youtube image
  • linkedin image
Language: CMS Made Simple Czech CMS Made Simple France CMS Made Simple Hungary CMS Made Simple Russia CMS Made Simple Netherlands

All times are UTC




Post new topic Reply to topic  [ 1 post ] 
Author Message
 Post subject: Security question about 2.2.5 release
PostPosted: Mon Dec 18, 2017 6:07 pm 
Offline
New Member
New Member

Joined: Mon Dec 18, 2017 6:02 pm
Posts: 1
Hi Team,

Recently, MITRE assigned two CVE IDs for issues related to the 2.2.5 release [1] [2]. The first, CVE-2017-17734 [3] is simply described as "CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions." The second, CVE-2017-17735 [4] is described as "CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies."

Given the wording of your release announcement [1], it isn't obvious if these fixed true vulnerabilities or were defense-in-depth enhancements. Can you clarify which they are?

Thanks,

Brian

[1] viewtopic.php?f=1&t=77737
[2] https://www.cmsmadesimple.org/2017/12/A ... 2.2.5-Wawa
[3] http://cve.mitre.org/cgi-bin/cvename.cg ... 2017-17734
[4] http://cve.mitre.org/cgi-bin/cvename.cg ... 2017-17735

p.s. https://www.cmsmadesimple.org/support/options/ has an HTML typo so (TM) is not rendering: "Although CMS Made Simple&tm; is freely"


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC


Who is online

Users browsing this forum: No registered users


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
A2 Hosting