cancel
Showing results for 
Search instead for 
Did you mean: 

Security scanner fails site running 1.9.3.6 on SUPEE-8788 and SUPEE-9767

SOLVED

Security scanner fails site running 1.9.3.6 on SUPEE-8788 and SUPEE-9767

Hi there,

I am running CE1.9.3.6 however the security scan is failing on SUPEE-8788 and SUPEE-9767.

The issues addressed in these patches should have been addressed in 1.9.3 and 1.9.3.3 respectively according to:

https://magento.com/security/patches/supee-8788

https://magento.com/security/patches/supee-9767

 

The SUPEE-8788 issue was also raised here but with no response from Magento: https://community.magento.com/t5/Magento-1-x-Security-Patches/Security-scan-SUPEE-8788-false-positiv...

 

The scan results in full are:

Your Magento installation is vulnerable to the vulnerabilities addressed in SUPEE-8788.
/skin/adminhtml/default/default/media/flex.swf
/skin/adminhtml/default/default/media/uploader.swf
/skin/adminhtml/default/default/media/uploaderSingle.swf

 

SUPEE-9767 - Failed.
Outdated JQuery library found (APPSEC-1622) response body contains unexpected 'jquery-1.10.2.min.js

 

Are they false positives or have these vulnerabilities not been properly address in the upgrades?  If not then how do I secure my site?

 

2 ACCEPTED SOLUTIONS

Accepted Solutions

Re: Security scanner fails site running 1.9.3.6 on SUPEE-8788 and SUPEE-9767

Hi @A1Ben 

 

For SUPEE-8788 you have to remove following files

skin/adminhtml/default/default/media/flex.swf
skin/adminhtml/default/default/media/uploader.swf
skin/adminhtml/default/default/media/uploaderSingle.swf

Please visit following link Check for .swf Files After Upgrade

 

For second issue check your custom theme's page.xml for outdated jQuery.js . Please refer following link SUPEE-9767 Failed. Outdated jQuery library found (APPSEC-1622) response body contains unexpected ‘jq...

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

View solution in original post

Re: Security scanner fails site running 1.9.3.6 on SUPEE-8788 and SUPEE-9767

Many thanks Mukesh.

 

Yes in my case I needed to

cp js/lib/jquery/jquery-1.12.0.* skin/frontend/themepackage/themevarian/js/lib/

 

Edit the path to the jquery min in

app/design/themepackage/themevarian/default/layout/page.xml

to 

<action method="addItem"><type>skin_js</type><name>js/lib/jquery-1.12.0.min.js</name></action>

 

And then flush the cache.

 

Thanks again for the help!

 

 

View solution in original post

2 REPLIES 2

Re: Security scanner fails site running 1.9.3.6 on SUPEE-8788 and SUPEE-9767

Hi @A1Ben 

 

For SUPEE-8788 you have to remove following files

skin/adminhtml/default/default/media/flex.swf
skin/adminhtml/default/default/media/uploader.swf
skin/adminhtml/default/default/media/uploaderSingle.swf

Please visit following link Check for .swf Files After Upgrade

 

For second issue check your custom theme's page.xml for outdated jQuery.js . Please refer following link SUPEE-9767 Failed. Outdated jQuery library found (APPSEC-1622) response body contains unexpected ‘jq...

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

Re: Security scanner fails site running 1.9.3.6 on SUPEE-8788 and SUPEE-9767

Many thanks Mukesh.

 

Yes in my case I needed to

cp js/lib/jquery/jquery-1.12.0.* skin/frontend/themepackage/themevarian/js/lib/

 

Edit the path to the jquery min in

app/design/themepackage/themevarian/default/layout/page.xml

to 

<action method="addItem"><type>skin_js</type><name>js/lib/jquery-1.12.0.min.js</name></action>

 

And then flush the cache.

 

Thanks again for the help!