Revision company made me a Vulnerability Scann

[brq]

Hi, Revision company made a Vulnerability Scann to my web site and send those results:

1. Problem - Not using httponly flag,
2. Problem - Using vunerable script jQuery 1.3.2 (JS)

They didn't mentioned problem with old CMS version!

Are those 2 problems due old version of my site (Joomla 1.5.26)?
Can I fix this problems whitout upgrade-in to Joomla 2.5 or Joomla 3.x?
Are those two problems big security Vulnerability?
Would upgrade to Joomla 2.5 or 3.0 automaticly solve those problems?

Thank you very much!

Revision company made an Vulnerability Scanning and get results: 1. Not using httponly flag, 2. Using vunerable script jQuery 1.3.2 (JS)

[18-Mar-2015 17:03:58 UTC] PHP Warning: curl_setopt() [<a href='function.curl-setopt'>function.curl-setopt</a>]: CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set in /home/url/public_html/plugins/authentication/gmail.php on line 66

Joomla! Instance :: Joomla! 1.5.26-Stable (senu takaa ama busani) 27-March-2012
Joomla! Configured :: Yes | Read-Only (444) | Owner: vzzzhr (uid: 1/gid: 1) | Group: vzzzhr (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 0 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 0 | Cache: 1 | FTP Layer: 0 | SSL: 0 | Error Reporting: 0 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-531.29.2.lve1.3.11.1.el6.x86_64 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /home/url/public_html | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.29 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 6135 | Log Errors To: error_log | Last Known Error: 18th March 2015 20:07:43. | Register Globals: | Magic Quotes: | Safe Mode: 1 | Open Base: | Uploads: 1 | Max. Upload Size: 64M | Max. POST Size: 8M | Max. Input Time: 120 | Max. Execution Time: 60 | Memory Limit: 256M

MySQL Configuration :: Version: 5.6.23 (Client:5.6.23) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 11.53 MiB | #of Tables:  61

PHP Extensions :: Core (5.3.29) | date (5.3.29) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | standard (5.3.29) | Phar (2.0.1) | posix () | Reflection ($Id: 4af6c4c676864b1c0bfa693845af0688645c37cf $) | imap () | SimpleXML (0.1) | soap () | sockets () | exif (1.4 $Id$) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | cgi-fcgi () | PDO (1.0.4dev) | pdo_sqlite (1.0.1) | pdo_mysql (1.0.2) | imagick (3.1.2) | SQLite (2.0-dev) | ionCube Loader () | Zend Guard Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No

Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::

Components :: SITE :: Wrapper (1.5.0) | MailTo (1.5.0) | User (1.5.0) | Gantry (3.0.6) |
Components :: ADMIN :: VVisit_Counter (2.0) | JoomGallery (1.5.7.5) | Weblinks (1.5.0) | EasyBook Reloaded (2.0.4) | Mass Mail (1.5.0) | Messaging (1.5.0) | Installation Manager (1.5.0) | Frontpage (1.5.0) | Content Page (1.5.0) | Search (1.5.0) | Plugin Manager (1.5.0) | Configuration Manager (1.5.0) | Media Manager (1.5.0) | Template Manager (1.5.0) | Contact Items (1.0.0) | Module Manager (1.5.0) | Polls (1.5.0) | RokModule (1.2) | Menus Manager (1.5.0) | Newsfeeds (1.5.0) | Banners (1.5.0) | Control Panel (1.5.0) | Akeeba (3.0) | RokDownloads Bundle (1.0.1) | QTablePrefix (1.0.7) | RokDownloads (1.0.1) | Cache Manager (1.5.0) | Language Manager (1.5.0) | User Manager (1.5.0) | WeblinksWT (1.0.0) | Gantry (3.0.6) | RokCandy (1.2) | Trash (1.0.0) | RokNavMenu Bundle (1.12) | RokCandy Bundle (1.2) | JCE (1.5.7) |

Modules :: SITE :: Custom HTML (1.5.0) | RokAjaxSearch (1.9) | Sections (1.5.0) | JoomImages for JoomGallery (1.5.5.1) | Feed Display (1.5.0) | Lof ArticlesSroller Module (1.0.0) | Statistics (1.5.0) | RokNavMenu (1.12) | Rokdownloads Latest Downloads (1.0.1) | Newsflash (1.5.0) | Related Items (1.0.0) | JoomGallery Stats for JoomGall (1.5.5) | Latest News (1.5.0) | Breadcrumbs (1.5.0) | JoomJComments (1.5 BETA3) | GTranslate (1.5.x.19) | JoomCategories for JoomGallery (1.5.7.1) | Login (1.5.0) | Wrapper (1.0.0) | Related Articles Plus (1.1.0) | RokNewsflash (1.4) | Categorie_Menu (1.6b) | Menu (1.5.0) | Banner (1.5.0) | Footer (1.5.0) | Search (1.0.0) | Poll (1.5.0) | AutGen menu (2.2) | RokTabs (1.20) | Vinaora Visitors Counter (2.0) | RokDownloads Most Downloaded (1.0.1) | JoomGallery Treeview (1.5.7.1) | RokWeather (0.8) | Rokdownloads Recently Updated (1.0.1) | WebLink Information (1.1.2) | Who\'s Online (1.0.0) | Random Image (1.5.0) | Archived Content (1.5.0) | Most Read Content (1.5.0) | Shout Box (1.2.0) | EasyBook Reloaded - Latest Ent (2.0.2) | Syndicate (1.5.0) | RokStories (1.8) |
Modules :: ADMIN :: Custom HTML (1.5.0) | Feed Display (1.5.0) | Items Stats (1.0.0) | Admin Submenu (1.0.0) | Popular Items (1.0.0) | Toolbar (1.0.0) | Unread Items (1.0.0) | Logged in Users (1.0.0) | User Status (1.5.0) | Login Form (1.0.0) | Admin Menu (1.0.0) | Latest News (1.0.0) | Footer (1.0.0) | Quick Icons (1.0.0) | Online Users (1.0.0) | Title (1.0.0) |

Plugins :: SITE :: System - KeyCAPTCHA (5.0.9) | System - Log (1.5) | System - RokBox (2.3) | System - Cache (1.5) | System - Joo Recaptcha (1.5.8) | System - RokCandy (1.2) | System - RokGZipper (1.8) | System - Debug (1.5) | System - Legacy (1.5) | System - RokGantry Cache (1.0) | System - SEF (1.5) | System - Vinaora Visitors Coun (2.0) | System - Backlinks (1.5) | System - Remember Me (1.5) | System - Mootools Upgrade (1.5) | Authentication - OpenID (1.5) | Authentication - Example (1.5) | Authentication - LDAP (1.5) | Authentication - Joomla (1.5) | Authentication - GMail (1.5) | XML-RPC - Joomla API (1.0) | XML-RPC - Blogger API (1.0) | JoomGallery - Display CB Name (1.5) | JoomGallery - Integrate EasyCa (1.5 BETA) | JoomGallery - Display JomSocia (1.5 BETA) | JoomGallery - JoomJCom (1.5 BETA5) | JoomGallery - Integrate Slimbo (1.5.2) | User - Example (1.0) | User - Joomla! (1.5) | Search - RokDownloads (1.0.1) | Search - Sections (1.5) | Search - Contacts (1.5) | Search - Newsfeeds (1.5) | Search - Content (1.5) | Search - Categories (1.5) | Search - Weblinks (1.5) | AllVideos (by JoomlaWorks) (3.1) | Content - RokDownloads Link (1.0.1) | Content - RokBox (1.6) | Content - Pagebreak (1.5) | Inhalt - JoomGallery insert im (1.5 BETA2) | Content - Example (1.0) | googleMaps (1.5.10) | Content - Email Cloaking (1.5) | Simple Image Gallery (by Jooml (2.2) | Simple Image Gallery Plugin (1.2.1) | Content - Page Navigation (1.5) | Content - Load Modules (1.5) | Content - WebLinks (1.0) | Content - Code Highlighter (Ge (1.5) | Content - Vote (1.5) | RokNavMenu - Boost (1.12) | RokNavMenu - Extended Link (1.12) | Button - RokDownload Link (1.5.0) | Button - Pagebreak (1.5) | Button - Readmore (1.5) | Button - RokCandy (1.2) | Button - Image (1.0.0) | Editor - JCE 1.5.6 (1.5.6) | Editor - XStandard Lite for Jo (1.0) | Editor - RokPad (1.2) | Editor - TinyMCE 3 (3.2.6) | Advanced Code Editor (1.5.6) | File Browser (1.5.0 Stable) | File Manager (1.5.0 Stable) | Image Manager Extended (1.5.5) | Object Support (1.5.1) | Paste (1.5.0) | Paste (1.5.6) | Image Manager (1.5.2) | Advanced Link (1.5.1) | Joomla! Links for Advanced Lin (1.2.1) | SpellChecker (2.0.0) |

Templates :: SITE :: rhuk_milkyway (1.0.2) | beez (1.0.0) | JA_Purity (1.2.0) | rt_panacea_j15 (1.5.2) |
Templates :: ADMIN :: Khepri (1.0) |

[jcms]

update site is good. Then you can use firebug to check js bug and fix.

[brq]

Didn't helped me much!

[Bernard T]

Dobar dan brq,

HTTPONLY flag is not actually a direct security bug, rather a suggestion. It would be best to use HTTPS anyway.

And older jQuery library - the security problem with JS is mostly related to XSS, so it's moderate security issue that could affect your visitors. You can try to replace the JS file with the newest 1.XX version, and check if everything works fine on your website afterwards. If it breaks, try to go some version back. Don't go on 1.10.0 or any earlier, those are vulnerable too. Good luck!

Moving to 3.0 would be best solution.

Hi, Revision company made a Vulnerability Scann to my web site and send those results:

1. Problem - Not using httponly flag,
2. Problem - Using vunerable script jQuery 1.3.2 (JS)

They didn't mentioned problem with old CMS version!

Are those 2 problems due old version of my site (Joomla 1.5.26)?
Can I fix this problems whitout upgrade-in to Joomla 2.5 or Joomla 3.x?
Are those two problems big security Vulnerability?
Would upgrade to Joomla 2.5 or 3.0 automaticly solve those problems?

[brq]

OK, thanks (hvala)!