Critical vulnerability in Magento: Many Swiss websites are still vulnerable

Published on April 30, 2015 12:55 UTC by GovCERT.ch (permalink)
Last updated on May 1, 2015 09:39 UTC

In February 2015, Magento (a popular eCommerce software for webshops) released a security patch addressing a critical vulnerability in its product. The vulnerability allows an attacker to send a specially prepared HTTP request to any website running a vulnerable version of Magento in order to execute malicious code on the remote webserver (a so-called Remote Code Execution, RCE, vulnerability). More than two months later, MELANI / GovCERT.ch still sees a fairly large number of websites in Switzerland running an old, vulnerable version of Magento, exposing themselves and their visitors to cyber-attacks from the internet. Attackers can abuse the vulnerability to, for example, place malicious code on the victim's website in order to infect its visitors with malware (drive-by exploits). MELANI / GovCERT.ch is currently aware of more than 1'100 websites hosted in Swiss IP address space or within Swiss name space (ccTLD .ch) which are still running a vulnerable version of Magento; some of them are popular webshops and well known in Switzerland.

Today, GovCERT.ch has sent out notifications to the responsible web hosting providers in Switzerland, informing them about websites hosted in their IP space that are running a vulnerable version of Magento and asking them to notify the associated website owners about the vulnerability.

We urge webmasters running Magento to ensure that the security patch SUPEE-5344 has been applied to their installation. You can check whether your website is vulnerable using the Magento Shoplift Bug Tester:

If you are using an older, unpatched version of Magento, we strongly recommend that you update to the latest version of Magento as soon as possible. The latest version of Magento can be found on the vendor's website:
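As a complement to the external Shoplift Bug Tester, a webmaster with shell access can look at the patch log inside the installation. The following script is an added example and is not GovCERT.ch's or Magento's own tooling. It assumes that Magento's official patch script appends one pipe-separated line per applied patch to app/etc/applied.patches.list with the patch name in the second field, and it treats a later line for the same patch that carries the token REVERTED as undoing it (that token handling is an assumption, not verified against Magento's scripts). The sample log lines are constructed for this example.

```python
"""Offline check of a Magento 1.x patch log for SUPEE-5344 (added example)."""
import sys
from pathlib import Path

REQUIRED_PATCH = "SUPEE-5344"

# Constructed sample lines in the layout assumed for app/etc/applied.patches.list:
# date | patch name | Magento version | revision | hash | patch date | files...
SAMPLE_PATCHED = """\
2014-11-12 09:40:10 UTC | SUPEE-1533 | CE_1.9.0.1 | v1 | 0000000000000000 | Fri Oct 3 2014 | app/code/core/Mage/Core/Model/Abstract.php
2015-02-10 08:15:33 UTC | SUPEE-5344 | CE_1.9.1.0 | v1 | 0000000000000000 | Mon Feb 9 2015 | app/code/core/Mage/Core/Helper/Data.php
"""

SAMPLE_UNPATCHED = """\
2014-11-12 09:40:10 UTC | SUPEE-1533 | CE_1.9.0.1 | v1 | 0000000000000000 | Fri Oct 3 2014 | app/code/core/Mage/Core/Model/Abstract.php
"""

# Assumed revert layout: a later line for the same patch containing REVERTED.
SAMPLE_REVERTED = SAMPLE_PATCHED + """\
2015-02-11 10:00:00 UTC | SUPEE-5344 | CE_1.9.1.0 | v1 | REVERTED
"""


def applied_patches(log_text):
    """Return the set of patch names currently recorded as applied.

    Each non-empty line is split on '|'; the second field is the patch name.
    A later line for the same patch containing the token 'REVERTED' removes it.
    """
    applied = set()
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) < 2 or not fields[1]:
            continue  # blank or malformed line
        name = fields[1]
        if "REVERTED" in fields[2:]:
            applied.discard(name)
        else:
            applied.add(name)
    return applied


def is_patched(log_text, patch=REQUIRED_PATCH):
    """True if the given patch is recorded as applied in the log text."""
    return patch in applied_patches(log_text)


def check_install(magento_root):
    """Return (patched, detail) for a Magento installation directory."""
    log_path = Path(magento_root) / "app" / "etc" / "applied.patches.list"
    if not log_path.is_file():
        return False, f"{log_path} not found: no patches recorded by the patch script"
    text = log_path.read_text(encoding="utf-8", errors="replace")
    if is_patched(text):
        return True, f"{REQUIRED_PATCH} recorded in {log_path}"
    found = sorted(applied_patches(text)) or "none"
    return False, f"{REQUIRED_PATCH} missing from {log_path}; recorded patches: {found}"


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    ok, detail = check_install(root)
    print(("OK: " if ok else "ACTION NEEDED: ") + detail)
    sys.exit(0 if ok else 1)
```

Run it as `python3 check_supee.py /path/to/magento`. The log only records patches applied through the official patch script, so an installation that was upgraded to a release already containing the fix may show no SUPEE-5344 entry; treat a missing entry as a prompt to verify the installed version against the vendor's advisory, and confirm from the outside with the Shoplift Bug Tester.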

Further information about the RCE vulnerability in Magento can be found here:
