
Apache AddHandler/AddType vulnerability: Magento

I ran into an example of a web application vulnerable to Apache AddHandler/AddType misconfiguration by chance today. The release notes of Magento Community Edition 1.9.1 point to a remote code execution vulnerability.

Interestingly, the section "Determining Your Vulnerability to the File System Attack" is precisely a switch from AddHandler to SetHandler. Fantastic! Let's see if I can use that to convince web hoster X, who is still arguing that use of AddHandler would be good enough.
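One way to audit a configuration for the AddHandler/AddType pattern discussed above, as an added example (not code from this post or from Magento). mod_mime applies these directives to any extension in a file name, not only the last one, so the script flags interpreter mappings and prints an anchored FilesMatch/SetHandler replacement. The sample configuration, the list of interpreter hints and the function names are assumptions; reusing the mapped name as the handler holds for mod_php and should be verified for other setups.

```python
import re

# mod_mime matches AddHandler/AddType against any extension of a file name,
# so these are the directives to look for.
MAPPING = re.compile(r'^\s*(AddHandler|AddType)\s+(\S+)\s+(.+)$', re.I)
# Handler or MIME-type names that pass the file to an interpreter.
# Assumed list for this example; extend it for your environment.
EXEC_HINT = re.compile(r'php|cgi-script|fcgid|fastcgi', re.I)

# Constructed sample configuration, not taken from Magento.
SAMPLE = """\
# constructed sample
AddType text/html .shtml
AddHandler application/x-httpd-php .php
AddType application/x-httpd-php .php .phtml
<FilesMatch "\\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
"""

def audit(text):
    """Return (line_no, directive, target, extensions) per risky mapping."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directives are inactive
        m = MAPPING.match(line)
        if m and EXEC_HINT.search(m.group(2)):
            findings.append((no, m.group(1), m.group(2), m.group(3).split()))
    return findings

def suggest(target, extensions):
    """Build a FilesMatch block that only matches the final extension."""
    alternation = "|".join(re.escape(e.lstrip(".")) for e in extensions)
    return ('<FilesMatch "\\.(%s)$">\n    SetHandler %s\n</FilesMatch>'
            % (alternation, target))

if __name__ == "__main__":
    for no, directive, target, exts in audit(SAMPLE):
        print("line %d: %s %s %s" % (no, directive, target, " ".join(exts)))
        print(suggest(target, exts))
```

Run it over each virtual host file and every `.htaccess` under the document root, since a mapping in either place takes effect.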

PS: Before anyone takes this for advice to switch to vanilla, be sure to apply the easy-to-overlook post-release patch "SUPEE-5344", too. Details are up at (German) Magento-Shops stehen Angreifern offen or (English) Analyzing the Magento Vulnerability.