Difference between revisions of "Critical Security Fix for OpenEMR setup.php"
From OpenEMR Project Wiki
Both revisions by Bradymiller.
Revision as of 06:37, 30 November 2017
Overview
- In November of 2017, there were 2 critical security vulnerabilities reported in OpenEMR before 5.0.0 Patch 5.
  - Details of the first vulnerability can be found here: https://nvd.nist.gov/vuln/detail/CVE-2017-16540
  - And details of the second vulnerability (it also does a nice job covering the first vulnerability): https://www.helpnetsecurity.com/2017/11/29/openemr-flaw-medical-records-exposed/
Secure Your OpenEMR
- In order to protect yourself from this vulnerability:
  - If using OpenEMR 5.0.0:
    1. Update to the most recent patch by following the instructions at OpenEMR Patches.
    2. Remove the setup.php file from the openemr web directory (if you need this file in the future, you can download it at setup.php).
  - If using OpenEMR 4.2.2 or lower:
    1. Remove the setup.php file from the openemr web directory.
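
The removal step above as a script, for hosts with more than one install. This is an added example, not OpenEMR project code: the function names are hypothetical, and it assumes a directory holding both setup.php and version.php is an OpenEMR install. It moves setup.php to a directory outside the web root rather than deleting it, so the file is still at hand if needed later.

```shell
#!/bin/sh
# Added example, not OpenEMR project code. Function names and the
# version.php marker are assumptions made for this illustration.

# Print every setup.php under WEBROOT ($1) that sits beside a version.php
# (assumed here to mark an OpenEMR install directory).
find_openemr_setup() {
    find "$1" -type f -name setup.php 2>/dev/null | while IFS= read -r f; do
        if [ -f "$(dirname "$f")/version.php" ]; then printf '%s\n' "$f"; fi
    done
}

# Move each match out of WEBROOT ($1) into the existing directory QDIR ($2)
# and print the number of files moved.
# Returns 2 if QDIR is inside WEBROOT, since the file would stay web-reachable.
quarantine_openemr_setup() {
    [ -d "$2" ] || { echo "no such directory: $2" >&2; return 1; }
    wr=$(cd "$1" && pwd -P) || return 1
    qd=$(cd "$2" && pwd -P) || return 1
    case "$qd/" in
        "$wr/"*) echo "refusing: $qd is inside $wr" >&2; return 2 ;;
    esac
    chmod 700 "$qd"
    moved=0
    list=$(find_openemr_setup "$wr")
    # The here-document keeps the loop in the current shell so the counter survives.
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        # Flatten the original path into the file name so installs do not collide.
        dest="$qd/$(printf '%s' "$f" | tr '/' '_')"
        mv -- "$f" "$dest" && chmod 600 "$dest" && moved=$((moved + 1))
    done <<EOF
$list
EOF
    echo "$moved"
}
```

Run `find_openemr_setup` on its own first to see which files would be moved; a setup.php that is not beside a version.php is left untouched.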