XMLRPC - MAGENTO - ZEND SECURITY GLITCH


A serious vulnerability was recently found in the Zend Framework. It threatens your Magento store and any other store built on a Zend application.
The issue is in XML-RPC. The vulnerability allows an attacker to execute and read files on your web server, including files that contain the credentials needed to access your store. It can affect the database as well, because the DB host and password are stored in the configuration files.
Magento has posted a solution: applying a patch keeps the store safe.
  • The solution applies to all Magento versions, including Enterprise, Professional and Community.
    You can get the Zend security upgrade patch from Patches and Support for your product in the Download section of your Magento account. You need to be logged in to download the patch.
    For Community versions, Magento Community Edition merchants:
    Community Edition 1.4.0.0 through 1.4.1.1
    Community Edition 1.4.2.0
    Community Edition 1.5.0.0 through 1.7.0.1
    Email us at info@mconnectmedia.com to get the patch.
NOTE: Back up your files and apply the patches one by one.
If the patch doesn't work, immediately switch off the XML-RPC services in your Magento installation by following the steps below. This is not a permanent solution: you have to either apply the patch, or switch off the XML-RPC services and wait for the next release of Magento eCommerce.
1. On the Magento web server, navigate to the www-root where Magento app files are stored.
2. In the www root, navigate to /app/code/core/Mage/Api/controllers.
3. Open XmlrpcController.php for editing.
4. Comment out or delete the body of the method: public indexAction()
5. Save the changes.
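
To confirm that the workaround in the steps above is in place, the following added example (not code from the original post or from Magento) reads the controller file and reports whether the body of indexAction() still contains executable code. The function names are hypothetical, and the PHP samples are constructed for illustration with handleRequest() as a stand-in call.

```python
import re
from pathlib import Path

# File named in the steps above, relative to the Magento www root.
CONTROLLER = Path("app/code/core/Mage/Api/controllers/XmlrpcController.php")

# PHP string literals (group 1, kept) or comments (dropped).
_TOKEN = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|//[^\n]*|#[^\n]*""", re.S)

def index_action_body(src):
    """Return the comment-stripped body of indexAction(), or None if absent."""
    code = _TOKEN.sub(lambda m: m.group(1) or "", src)
    m = re.search(r"function\s+indexAction\s*\([^)]*\)\s*\{", code)
    if not m:
        return None
    depth, i, quote = 1, m.end(), None
    while i < len(code) and depth:
        c = code[i]
        if quote:                      # inside a string: braces do not count
            if c == "\\":
                i += 1                 # skip the escaped character
            elif c == quote:
                quote = None
        elif c in "'\"":
            quote = c
        elif c in "{}":
            depth += 1 if c == "{" else -1
        i += 1
    if depth:
        raise ValueError("unbalanced braces in indexAction()")
    return code[m.end():i - 1].strip()

def workaround_status(src):
    """'applied' if the method body is empty, 'not applied' if code remains."""
    body = index_action_body(src)
    if body is None:
        return "method not found"
    return "applied" if body == "" else "not applied"

def check_magento_root(www_root):
    """Check the controller file under a given Magento www root."""
    return workaround_status((Path(www_root) / CONTROLLER).read_text(errors="replace"))

# Constructed samples (not Magento's source); handleRequest() is a stand-in.
ACTIVE = '<?php class C { public function indexAction() { $this->handleRequest("}"); } }'
DISABLED = ('<?php class C { public function indexAction() {\n'
            ' // $this->handleRequest("}");\n /* off */ } }')

if __name__ == "__main__":
    print(workaround_status(ACTIVE), "/", workaround_status(DISABLED))
```

A result of "method not found" means the whole method was removed or commented out instead of only its body, so review the file by hand in that case.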

Credit:
This post was created by M-Connect Media, a Magento design agency.
