It sounds like a false positive. Did the security team not provide any details on how this far-fetched vulnerability was found? CWE-90 is generic, not language-specific, and Joomla is not mentioned. It was first reported in July 2006, a few weeks before Joomla 1.0.10 was released.
On the other hand, an LDAP vulnerability was reported on July 27, 2017, affecting Joomla versions from 1.5.0 to 3.7.5. Joomla 3.8.0 was released on September 19, 2017.
Ref. 1 CVE-2017-14596
Ref. 2 Security Announcements - [20170902] - Core - LDAP Information Disclosure
Statistics: Posted by toivo — Mon Jul 29, 2024 10:10 pm