Support Center

Recent questions

About Koken

This Help Center provides support for Koken, a free content management system designed for photographers, artists and designers.

Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

CVE-2017-11793

3w984

Oct 11, 2017 10:43AM EDT

On my hosting (german all-inkl.de) the file admin/js/console_0.22.21.min.js was renamed to VIRUS_Html.Exploit.CVE_2017_11793-6336854-1_console_0.22.21.min.js

Any suggestions?

7 Community Answers

Answered

Team NetObjects

Oct 11, 2017 11:33AM EDT

Hello. Please download and extract this zip file containing the Koken v22.21 program files. Connect to the Koken folder on your server using FTP and overwrite the server files with those from the Zip file. Do not delete the Koken Storage folder.

View in conversation


Up 0 rated Down

Team NetObjects Koken Agent

Answered Oct 11, 2017 11:33AM EDT

Hello. Please download and extract this zip file containing the Koken v22.21 program files. Connect to the Koken folder on your server using FTP and overwrite the server files with those from the Zip file. Do not delete the Koken Storage folder.

Up 0 rated Down

3w984

Oct 11, 2017 01:11PM EDT
Hi, thx for your answer.

Here are the sha256sums. First one you provided via Link
e31d6dc895597f83a7e06e8461d93a724842d26f3e7c5c6a810394c95db4339d console_0.22.21.min.js

e31d6dc895597f83a7e06e8461d93a724842d26f3e7c5c6a810394c95db4339d VIRUS_Html.Exploit.CVE_2017_11793-6336854-1_console_0.22.21.min.js

I also a have two other Installations on the hosting with Koken 22.24. The files console.min.js have been also renamed with CVE_2017_11793 in the filename. This is the sha256sum

efde176e86092d623c97826690fd8fc1998016eef803d2d36bef30ebc2b78a8f console_0.22.24.min.js.cve
Up 0 rated Down

Team NetObjects Koken Agent

Oct 11, 2017 01:14PM EDT

Here’s the link to download the Koken v22.24 program files.

Up 0 rated Down

3w984

Oct 12, 2017 11:43AM EDT
Hi,
I posted the checksums to show that the files haven't been altered.
It seems ClamAV is marking them, see https://www.virustotal.com/#/file/e31d6dc895597f83a7e06e8461d93a724842d26f3e7c5c6a810394c95db4339d and https://www.virustotal.com/#/file/efde176e86092d623c97826690fd8fc1998016eef803d2d36bef30ebc2b78a8f

Just so you guys know :)
Up 0 rated Down

Nick813

Oct 12, 2017 11:43AM EDT
I have no answer to this issue, but am experiencing the same problem. Server ran ClamAV and flagged the same file (latest update) last night during nightly scans.

Log:
/admin/js/console_0.22.24.min.js: Html.Exploit.CVE_2017_11793-6336854-1 FOUND
/admin/js/console_0.22.24.min.js.map: Html.Exploit.CVE_2017_11793-6336854-1 FOUND

As a side note - I run multiple sites with well known CMS systems for various clients across multiple servers and they too have the same exploit issue (Html.Exploit.CVE_2017_11793-6336854-1)
Up 0 rated Down

Nick813

Oct 15, 2017 12:52PM EDT
@Team NetObjects
Here is the information that I have dug up... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11793

ClamAV is the only Scanner at this point that throwing the flag. Additionally I have installed a vanilla version of koken (latest version) in a test environment -> ran ClamAV -> Flagged it again.

I am thinking it may be a false positive however I prefer to side on the err of caution. Do you have any suggestions on how to correct. Or should we wait until.......
Up 0 rated Down

Danila

Oct 15, 2017 12:52PM EDT
Hi,

You can read more information what it is here: https://www.getpagespeed.com/server-setup/security/html-exploit-cve_2017_11793-6336854-1-found

If you find that the file is the same (legit) you have to whitelist this signature in ClamAV (typically it's not an actual malware).

Answer this question

support@koken.me
http://assets1.desk.com/
false
koken
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete