cancel
Showing results for 
Search instead for 
Did you mean: 

Security scanner fails site running 1.9.3.6 on SUPEE-8788 and SUPEE-9767

SOLVED
   Did you know you can see the translated content as per your choice?

Translation is in progress. Please check again after few minutes.

Security scanner fails site running 1.9.3.6 on SUPEE-8788 and SUPEE-9767

Hi there,

I am running CE1.9.3.6 however the security scan is failing on SUPEE-8788 and SUPEE-9767.

The issues addressed in these patches should have been addressed in 1.9.3 and 1.9.3.3 respectively according to:

https://magento.com/security/patches/supee-8788

https://magento.com/security/patches/supee-9767

 

The SUPEE-8788 issue was also raised here but with no response from Magento: https://community.magento.com/t5/Magento-1-x-Security-Patches/Security-scan-SUPEE-8788-false-positiv...

 

The scan results in full are:

Your Magento installation is vulnerable to the vulnerabilities addressed in SUPEE-8788.
/skin/adminhtml/default/default/media/flex.swf
/skin/adminhtml/default/default/media/uploader.swf
/skin/adminhtml/default/default/media/uploaderSingle.swf

 

SUPEE-9767 - Failed.
Outdated JQuery library found (APPSEC-1622) response body contains unexpected 'jquery-1.10.2.min.js

 

Are they false positives or have these vulnerabilities not been properly address in the upgrades?  If not then how do I secure my site?

 

2 ACCEPTED SOLUTIONS

Accepted Solutions

Re: Security scanner fails site running 1.9.3.6 on SUPEE-8788 and SUPEE-9767

Hi @A1Ben 

 

For SUPEE-8788 you have to remove following files

skin/adminhtml/default/default/media/flex.swf
skin/adminhtml/default/default/media/uploader.swf
skin/adminhtml/default/default/media/uploaderSingle.swf

Please visit following link Check for .swf Files After Upgrade

 

For second issue check your custom theme's page.xml for outdated jQuery.js . Please refer following link SUPEE-9767 Failed. Outdated jQuery library found (APPSEC-1622) response body contains unexpected ‘jq...

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

View solution in original post

Re: Security scanner fails site running 1.9.3.6 on SUPEE-8788 and SUPEE-9767

Many thanks Mukesh.

 

Yes in my case I needed to

cp js/lib/jquery/jquery-1.12.0.* skin/frontend/themepackage/themevarian/js/lib/

 

Edit the path to the jquery min in

app/design/themepackage/themevarian/default/layout/page.xml

to 

<action method="addItem"><type>skin_js</type><name>js/lib/jquery-1.12.0.min.js</name></action>

 

And then flush the cache.

 

Thanks again for the help!

 

 

View solution in original post

2 REPLIES 2

Re: Security scanner fails site running 1.9.3.6 on SUPEE-8788 and SUPEE-9767

Hi @A1Ben 

 

For SUPEE-8788 you have to remove following files

skin/adminhtml/default/default/media/flex.swf
skin/adminhtml/default/default/media/uploader.swf
skin/adminhtml/default/default/media/uploaderSingle.swf

Please visit following link Check for .swf Files After Upgrade

 

For second issue check your custom theme's page.xml for outdated jQuery.js . Please refer following link SUPEE-9767 Failed. Outdated jQuery library found (APPSEC-1622) response body contains unexpected ‘jq...

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

Re: Security scanner fails site running 1.9.3.6 on SUPEE-8788 and SUPEE-9767

Many thanks Mukesh.

 

Yes in my case I needed to

cp js/lib/jquery/jquery-1.12.0.* skin/frontend/themepackage/themevarian/js/lib/

 

Edit the path to the jquery min in

app/design/themepackage/themevarian/default/layout/page.xml

to 

<action method="addItem"><type>skin_js</type><name>js/lib/jquery-1.12.0.min.js</name></action>

 

And then flush the cache.

 

Thanks again for the help!