This repository has been archived by the owner on May 25, 2023. It is now read-only.

Update VULNERABILITIES documentation.
blueimp committed Oct 23, 2018
1 parent ad4aefd commit a513d51
Showing 2 changed files with 15 additions and 6 deletions.
2 changes: 1 addition & 1 deletion README.md
@@ -3,7 +3,7 @@
## ⚠️ Security Notice
Security related releases:

* [v9.22.1](https://github.com/blueimp/jQuery-File-Upload/releases/tag/v9.22.1) Fixes a [Remote code execution vulnerability in the PHP component](VULNERABILITIES.md#remote-code-execution-vulnerability-in-the-php-component).
* [v9.24.1](https://github.com/blueimp/jQuery-File-Upload/releases/tag/v9.24.1) Fixes a [Remote code execution vulnerability in the PHP component](VULNERABILITIES.md#remote-code-execution-vulnerability-in-the-php-component).
* v[9.10.1](https://github.com/blueimp/jQuery-File-Upload/releases/tag/9.10.1) Fixes an [Open redirect vulnerability in the GAE components](VULNERABILITIES.md#open-redirect-vulnerability-in-the-gae-components).
* Commit [4175032](https://github.com/blueimp/jQuery-File-Upload/commit/41750323a464e848856dc4c5c940663498beb74a) (*fixed in all tagged releases*) Fixes a [Cross-site scripting vulnerability in the Iframe Transport](VULNERABILITIES.md#cross-site-scripting-vulnerability-in-the-iframe-transport).
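
Review bot: The v9.24.1 entry replaces the v9.22.1 entry outright, so the README no longer records that v9.22.1 was a security release for the same issue. A reader who upgraded to v9.22.1 because of the earlier notice gets no hint here that a further upgrade is needed. Consider keeping a short mention on the same line, for example "(supersedes the earlier fix in v9.22.1)", which would also match the A/B version split in VULNERABILITIES.md. As a style point, the link text here is `[v9.24.1]` while the next entry uses `v[9.10.1]`; worth making the two consistent.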

19 changes: 14 additions & 5 deletions VULNERABILITIES.md
@@ -1,24 +1,33 @@
# ⚠️ List of fixed vulnerabilities

## Remote code execution vulnerability in the PHP component
> Fixed: 2018-10-13
> Fixed: 2018-10-23
The sample [PHP upload handler](server/php/index.php) before [v9.22.1](https://github.com/blueimp/jQuery-File-Upload/releases/tag/v9.22.1) allowed to upload all file types by default.
The sample [PHP upload handler](server/php/UploadHandler.php) before [v9.24.1](https://github.com/blueimp/jQuery-File-Upload/releases/tag/v9.24.1) allowed to upload all file types by default.
This opens up a remote code execution vulnerability, unless the server is configured to not execute (PHP) files in the upload directory (`server/php/files`).

The provided [.htaccess](server/php/files/.htaccess) file includes instructions for Apache to disable script execution, however [.htaccess support](https://httpd.apache.org/docs/current/howto/htaccess.html) is disabled by default since Apache `v2.3.9` via [AllowOverride Directive](https://httpd.apache.org/docs/current/mod/core.html#allowoverride).

**You are affected if you:**
1. Uploaded jQuery File Upload `version < 9.22.1` on a Webserver that executes all PHP scripts in the project directory, e.g. Apache with `mod_php` enabled.
1. A) Uploaded jQuery File Upload < `v9.24.1` on a Webserver that executes files with `.php` as part of the file extension (e.g. "example.php.png"), e.g. Apache with `mod_php` enabled and the following directive (*not a recommended configuration*):
```ApacheConf
AddHandler php5-script .php
```
B) Uploaded jQuery File Upload < `v9.22.1` on a Webserver that executes files with the file extension `.php`, e.g. Apache with `mod_php` enabled and the following directive:
```ApacheConf
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
```
2. Did not actively configure your Webserver to not execute files in the upload directory (`server/php/files`).
3. Are running Apache `v2.3.9+` with the default `AllowOverride` Directive set to `None` or another Webserver with no `.htaccess` support.

**How to fix it:**
1. Upgrade to the latest version of jQuery File Upload or limit file uploads to image file types - see [sample PHP code](server/php/index.php).
1. Upgrade to the latest version of jQuery File Upload.
2. Configure your Webserver to not execute files in the upload directory, e.g. with the [sample Apache configuration](SECURITY.md#apache-config)

**Further information:**
* Commit containing the security fix: [aeb47e5](https://github.com/blueimp/jQuery-File-Upload/commit/aeb47e51c67df8a504b7726595576c1c66b5dc2f)
* Commits containing the security fix: [aeb47e5](https://github.com/blueimp/jQuery-File-Upload/commit/aeb47e51c67df8a504b7726595576c1c66b5dc2f), [3e82856](https://github.com/blueimp/jQuery-File-Upload/commit/3e828564324cf5aea2b0d0c7f3a7a17996cb9a9a)
* [Full disclosure post on Hacker News](https://news.ycombinator.com/item?id=18267309).
* [CVE-2018-9206](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9206)
* [OWASP - Unrestricted File Upload](https://www.owasp.org/index.php/Unrestricted_File_Upload)
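
Review bot: In the opening sentence, switching the version to v9.24.1 makes it say that every release before v9.24.1 "allowed to upload all file types by default", while item 1 B) in this hunk limits the plain `.php` extension case to `< v9.22.1` and item 1 A) covers only names with `.php` as part of the extension for `< v9.24.1`. The intro and the list therefore disagree about v9.22.1 up to v9.24.1. Suggest describing both stages in the intro and listing both dates under "Fixed:" instead of replacing 2018-10-13 with 2018-10-23. It would also help to state whether conditions 1 to 3 must all hold or whether any one of them is enough.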