_________________

__________________

Guidelines for Websites & Portals Of Government of West Bengal An Integral Part of State Secretariat Manual of Office Procedure

_______________________________________________ Department of Information Technology, Government of West Bengal

1. Abbreviations Abbreviation G2C G2B G2G G2E W3C URL HTML SDC STQC Description Government to Citizen Government to Business Government to Government Government to Employee World Wide Web Consortium Uniform Resource Locator Hypertext Markup Language State Data Center Standardization, Testing and Quality Certification

2. Acknowledgements & References 1). National Informatics Center, Department of Information Technology, Ministry of Communications & Information Technology, Government of India. http://web.guidelines.gov.in/ 2). World Wide Web Consortium (W3C), http://www.w3.org/

Revision History:
Version Date: Prepared By 1.00 03/01/2011 State e-Governance Mission Team, Govt. of West Bengal 1.01 18/01/2011 SeMT, West Bengal Approved By Principal Secretary, Department of Information Technology, Govt. of West Bengal Principal Secretary, Department of Information Technology, Govt. of West Bengal Remarks First release of guidelines/policies for websites of Government of West Bengal a). Incorporated valuable comments from Joint Secretary, Department of Information Technology b). Included additional content in website security section

3. Introduction 3.1. Background

A large number of websites belonging to various State organizations and Departments including the Official portal of the Government of West Bengal http://www.banglarmukh.gov.in are already published over the Internet (World Wide Web) to facilitate easy access to government information and services to the citizens of the State and beyond. In future also, there will be need for continual development and publishing of many new government websites as well as maintenance, management and updates of existing websites, be it of a Department, of Taskforces set-up by the Government, for New Projects or various Citizen Service initiatives. These portals and websites will be the gateways for all G2C, G2B, G2G and G2E interactions in this new era of Electronic Governance. However, if these websites follow different Technology Standards, Design Layouts, Navigation Architecture, or, in simple terms, different Look and Feel as well as Functionality, this invariably requires a visitor to familiarise him/her with the functionality of each individual website which results in a lot of inconvenience, thus defeating the very purpose of these initiatives. The need for Standardization, Uniformity and Consistency in the websites of government departments cannot be stressed enough, in todays scenario. Since the website of a department is its reflection to the outside world, it ought to be seen as an integral part of the Department, rather than an external entity; hence the entire effort of hosting department information, data and services needs to be streamlined in a uniform, consistent and standardized manner across all the websites and portals of State government. As a first step, State Government websites may adhere to certain common minimum standards which have been derived, in the form of guidelines discussed in this document, as prerequisites for a Government website to fulfill its primary objective of being a citizen centric source of information & service delivery. These guidelines would eventually form the basis for establishment of the desired standards for governance in the cyber space of West Bengal. 3.2. Scope of the Document

This document recommends policies and guidelines for Websites and Portals of all the Departments, Boards and Corporations under the Government of West Bengal and their subordinate and attached offices at all Levels for making them citizen-centric and visitorfriendly in a standardized, uniform and consistent fashion. Compliance to these guidelines will ensure a high degree of consistency and uniformity in the content design, development, coverage and presentation and further promote excellence in Government Web space of West Bengal. These guidelines address common policy issues and practical challenges that Government Departments face during development and management of their websites. The guidelines aim to assist the Departments in ensuring that their website conforms to a consistently high standard. This is expected to enhance the trust level of the citizens while accessing Government information and availing services online.

3.3.

Accessibility

A Department website should be accessible to ALL authorized visitors irrespective of technology, platforms and devices. In other words, Departments should consider the needs of a broad spectrum of visitors, including general public, businesses, employees, specialised audiences and those without access to advanced technologies, and those with limited English proficiency. Guidelines to address the above needs have been given in various sections of this document. Most pertinent guidelines have been placed in the mandatory category while others have been made advisory or voluntary. 3.4. Compliance to Guidelines

These referral guidelines have been framed with the objective to make the State Government Websites conform to the essential pre-requisites of UUU trilogy i.e. Usable, User-Centric and Universally Accessible. This document forms the basis to ensure compliance of guidelines issued by Govt. of India and available at http://web.guidelines.gov.in/, which are also based on W3C's Web Content Accessibility Guidelines and IT Act of India. 3.5. How to use these Guidelines

Departments are expected to read, understand and implement these guidelines on all of their web-based initiatives. In other words, all the websites set up and owned by the Departments must comply with these guidelines. The Departments may draw their short term and long term timelines, depending upon their specific requirements, for compliance with these guidelines. 3.6. Mandatory, Advisory & Voluntary

Guidelines are divided into three categories viz. Mandatory, Advisory and Voluntary. Explanation and requirement of each of these categories is given as follows: Mandatory: The usage of term 'Must' signifies requirements which can be objectively assessed and which the Departments are supposed to mandatorily comply with. It is anticipated that there will be no exceptions for a Department not complying with these. The websites will be checked against these guidelines when audits for compliance are undertaken. It is the responsibility of each Department to address and bring into compliance, any noncompliant issues found in any website under their ownership. Advisory: The usage of term 'Should' refers to recommended practices or advisories that are considered highly important and desirable but for their wide scope and a degree of subjectivity these guidelines would have otherwise qualified to be mandatory. Departments are, however, expected to comply with these advisories. Voluntary: The usage of the term 'May' refers to voluntary practice, which can be adopted by a Department if deemed suitable. These have been drawn from best practices and conventions that have proved successful and can help a Department achieve high quality benchmarks for their web endeavors.

4. Design of Website 4.1. 4.1.1 Visualization & Layout Government Department Identifier a). All websites must prominently display the National Emblem as per the Code provided in the 'State Emblem of India (Prohibition of improper use) Act, 2005'. b). The website must display complete Name of the Department/Organization in an unambiguous manner towards top centre of the Homepage. c). The page title of the Homepage (the title which appears on the top bar of the browser) must be complete with the Name of the Department followed by Government of West Bengal. For example: Homepage of Department of Health and Family Welfare, Government of West Bengal. d). The Homepage and all important entry pages of the website must display the ownership information in the header or footer. e). The lineage of the Department should also be indicated at the bottom of the Homepage and all important entry pages of the website. For instance, at the bottom of the Homepage, the footer may state the lineage information, for example in State Portal Banglarmukh: Banglarmukh Official Site of Government of West Bengal, India 4.1.2 Page Layout & Navigation Consistency a). A consistent page layout must be maintained throughout the site. This means that the placement of buttons and navigation items such as menus, submenus should be uniform across the website. The main Menu may be horizontally placed while the sub menus may be through pull down from the main menu element. For Example, navigation menu of the State Portal, Banglarmukh remains same on all pages as shown below: Homepage:

Child Education Programs page:

Fig 1. Navigation Consistency at State Portal Banglarmukh

b). It must be possible for a visitor to reach the Homepage from any other page in the website and chain of all levels between the Homepage and Current page should be provided on each page. For example, on State Portal Banglarmukh, List of all levels displayed between Homepage and current page, on navigation to Child Education Programs page:

c). Links to under construction pages must be avoided. 4.1.3 Graphics Buttons, Icons, Images & Colors a). Buttons and Icons should be large enough to be distinguishable on a highresolution monitor, since the display size of components decreases with the increase in the screen resolution set by the user. b). Images should be created in an appropriate format to minimise page load time and maximise the display quality. There are three formats for displaying images in web browsers GIF, JPEG and PNG. c). Zooming of images should be avoided to avoid their distortion. d). A thumbnail (a smaller version) for a large image and link to the full-size copy should be provided where appropriate. f). While using colors, there must be adequate contrast between text and background to maintain clear visibility and readability of the text along the lines as in Banglarmukh. g). Websites should ensure the colours used for text and graphics appears same on a variety of platforms, browsers, monitors and devices. For example, the website content should be clearly visible and readable on major browsers like Internet Explorer, Firefox etc. 4.1.4 Creative Effects Audio/Video/Animations a). Download information must be provided to help users determine whether they wish to access the video or audio clip. This includes the download and usage instructions, file size, and file format. b). If a specific software program is required to access the multimedia file, a link to enable the user to download it must be provided. c). As far as possible, streaming audio/video should be used rather than forcing the users to download the entire file every time because the users may not have necessary software to run the audio/video clip on their PCs. d). The websites must provide equivalent information of audio/video clips (eg. a text description of the audio /video). e). For any moving, blinking or scrolling information that starts automatically and is presented in parallel with other content, there must be a mechanism for the user to pause, stop, or hide it
6

f). If any audio on a Web page plays automatically for more than 3 seconds, there must be mechanism to pause or stop the audio. g). Certain special effects such as spiraling, throbbing or flashing have been reported to cause epileptic seizures. Web pages must not contain anything that flashes more than 3 times in a 1 second period. 4.1.5 Typography Fonts a). Font properties should be such that content is readable both in electronic and print format and the page MUST print correctly on an A4 size paper. b). When using Regional language fonts, the page must be tested on major browsers for any inconsistency (loss of layout). Further, links to download the font must be provided to the visitors along the lines as in Banglarmukh. 4.2. 4.2.1 Contents Content Hyperlinking

The hyperlinking policy enumerating the detailed criteria and guidelines with respect to hyperlinks with other sites may be made available under the common heading of 'Hyperlinking Policy' and displayed at a common point on the Homepage of a website. a). Third party content should only be linked when consideration about the copyright, terms of use, permissions, content authenticity and other legal and ethical aspects of the concerned content have been taken into account. Prior permission for the same should be taken from Public Information Officer/Nodal Officer of the concerned Department. b). Further, it must be ensured that 'broken links' or those leading to 'Page Not Found' errors are checked regularly on a monthly basis and are rectified or removed from the site upon discovery. c). To create a visual distinction for links that lead offsite, Cascading Style Sheets (CSS) controls or XSL or some such similar mechanism should be used. 4.2.2 Primary Content

a). Bilingual Support: The content should be available both in English and Bengali keeping in view that a large population of State is Bengali speaking. The fonts used should be in Unicode. b).About us: General information about Department history, Vision/Mission, Profile, Functions, Agencies under administrative control, Organizational structure, Key Personnel etc. All information concerning legislative/government officials must always be kept up to date. c). Plans, Schemes & Programs: The websites must contain up to date information related to Plans/Annual Plan and Budget of the department with details of schemes, programs and projects (Externally and Internally funded, State or Centrally sponsored) along with their prospective beneficiaries, eligibility criteria, procedures to follow, supporting documents to be carried, whom to contact and validity etc.

d). Acts, Rules & Policies: Departments acts, rules and policies, which it wants to be published in public domain, can be displayed. The commencement date, scope/region and extent of the acts/rules should be published with complete title of the same. e). Forms & Procedures: The application forms to get department services, terms & conditions and their filling and submission procedures should be published in detail. The forms should be in read-only printable format to avoid misuse. f). Tenders, Notifications & Circulars: Department tenders, notices and circulars should be published in detail and in read-only format to avoid misuse. Old tenders, notices and circulars should be removed from website to avoid confusion. g). Recruitment: Recruitment notices and application forms along with eligibility criteria, supporting documents to be submitted, dates and format of examination and interviews should be published in detail and in read-only format to avoid misuse. h). News and Press Releases: Latest news and press clippings released by department may be published under this topic. This content needs to be updated regularly to keep up to date information on the website. i). Contact Information: Contact address of the department including its postal address, email address, fax number and telephone numbers must be given. Contact details of Public Information Officer (PIO), who is responsible for the content of the department website should also be provided for redress (correction) of inaccurate information. This part may also be provided as an online e-Form for queries, grievances and feedback of visitors to automatically get information on a pre-defined email address, which can be replied back.

j). Major Achievements & Success Stories: The remarkable achievements and success stories of department policies, initiatives, programs and projects should be published under this topic. k). Basic Statistics: Basic statistics of the department, showing its previous records in tabular or graphical format. l). Linking of Portals: It is mandatory to provide a link to State portal Banglarmukh on all websites, as this is the electronic face of Government of West Bengal. State Portal must also have links to websites of State departments. State Portal must also have a link to National Portal india.gov.in If an user would like to browse a link from the website that is not any of the State Government website, it must be ensured that a lineage like You are leaving the Government domain appear on the page.

m). Other features: Any other features related to the departments, which departments may deem fit for display in public domain. 4.2.3 Secondary Content

a). Events & Announcements

8

b). Publications and Reports Publishing of annual reports is mandatory c). Related Links d). Media Gallery Pictures, Videos of events etc. 4.2.4 Tertiary Content

a). Online help and FAQs b). User feedback for Citizen-centric services c). Downloads and Plug-ins d). Navigation Aides Sitemap, Search Engine etc. 5. Hosting of Website 5.1. Government Domain Name

Domain name is a case-sensitive alphabetic suffix used to refer, identify and locate websites on Internet. The suffix indicates what type of organization is hosting a website. For instance, .com denotes commercial/business organizations, .org for organizations or groups, .gov for government, .edu for educational institutions etc. The URL or the Web Address of any Government website is also a strong indicator of its authenticity and status as being official. Hence, in compliance to the Government's Domain Name Policy, all State Government websites must use 'gov.in' domain exclusively allotted and restricted to Government websites. The above naming policy applies to all Government websites irrespective of where they are hosted. In the government website domain names, .com and .org etc must be discontinued. All websites of the Government of West Bengal should preferably be under the domain name of gov.in. The website URL name may be an abbreviation indicative of the concerned department. For instance, wbdma.gov.in may be used for Department of Municipal Affairs, Government of West Bengal. All departments using a domain name other than the above should take an appropriate early action to register official government domain names and use the existing ones for an interim period of 3 months. For instance, http://www.itwb.org can be used for Department of Information Technology website for 3 months as an Alias, while seeking registration for appropriate domain name resulting in appropriate URL name such as http://www.itwb.wb.gov.in An intermediary page with a clear message notifying the visitors about the change in the URL and then auto redirecting them to the new URL after a time gap of 10 seconds may be used.

5.2. Site of Hosting All department websites should preferably be hosted at State Data Center (SDC) at WEBEL BHAVAN, Kolkata (West Bengal). To host the website at the SDC, a letter may be sent by Head/Principal Secretary of Department to Department of Information Technology along with a duly filled form Requisition for Application/Website/Portal Hosting at SDC provided in AnnexureI. 5.3. Ownership, Control & Copyright 5.3.1. Content Responsibility The responsibility and ownership of contents published on a department website lies with the owner department. 5.3.2. Content Copyright The information, material and documents made available on a department website MUST be backed up with a proper copyright policy explaining the terms and conditions of their usage and reference by others. 5.3.3. Hosting Responsibility The responsibility of hosting the State department websites in a secure and robust environment lies with the Technical agency contracted for operating SDC. 5.4. Website Security & Audit

Web Application security is of paramount concern to owners as well as consumers of the website. A lot of security threats are handled at data centres and server administrator level where the application is hosted. Application developers should however be sensitive about security aspects, as a lot of security threats arise due to vulnerability of application software code. Each state department website/application must undergo a security audit from empanelled agencies (e.g.: STQC in West Bengal) and clear the same, prior to hosting the website at the SDC or a Server owned by Government of India or State Government. The security audit needs to be taken at least once in a year and also as and when any significant additions/alterations in respect of hardware, software, network resources, policies and configuration are affected. Though, without security audit, concerned department may request to host the website in intermediary phase at a staging server owned by the Government of India or State Government with special approval from the Department of Information Technology. In that case, concerned department should be able to get security audit completed from empanelled agency within a period of 1 month from hosting on a staging server. A letter for seeking the approval for the same may be sent to Department of Information Technology from the head of concerned department in the format mentioned in Annexure-II Approval for hosting a department website/application on staging server without security audit under special circumstances

10

In case of any breach of security whereby the website is hacked, the Impact to the Department and thereby to the Government is required to be assessed before approval of hosting on a staging server is granted. The concerned Department may fill up and send a Security Impact Assessment form as mentioned at Annexure-III Form for Security Impact Assessment of a Website/Web Application for hosting on a staging server to the Department of Information Technology. In view of growing attacks on websites, owner departments should advise Website/Web application Developers and Administrators to follow the guidelines mentioned below: 5.4.1 Security guidelines for Website Administrators The following CERT-In guidelines may be referred by Website administrators: i). Web Server Security Guidelines http://www.cert-in.org.in/s2cMainServlet?pageid=GUIDLNVIEW02&refcode =Guideline%20CISG-2004-04 ii). Securing IIS 6.0 Web Server Guidelines http://www.cert-in.org.in/s2cMainServlet?pageid=GUIDLNVIEW02&refcode =Guideline%20CISG-2006-01 iii). Guidelines for Auditing and Logging http://www.cert-in.org.in/s2cMainServlet?pageid=GUIDLNVIEW02&refcode =Guideline%20CISG-2008-01 Website administrators are also suggested to take following Countermeasures: a).Apply appropriate updates/patches at the OS and application level regularly. b).Enable and maintain logs of different devices and servers and maintain the same for all levels. c).Conduct periodic auditing of web applications and configuration settings of web server. d).Use an Application Firewall to control input, output and access to the web application. e).Install a good antivirus and keep it updated and running. f).Check the web server directories for any malicious/unknown web shell files periodically and remove as and when noticed. Please also see Annexure-V for a List of Major Vulnerabilities and suggested Countermeasures. Please note that this list in Annexure-V shall be updated regularly with the latest cyber attack vulnerabilities and suggested countermeasures based upon CERT-In advisories. 5.4.2 Security guidelines for Website/ Web application Developers Web developers should follow secure coding practices as per Section 4.2 of the Web Server Security Guidelines: CERT-In CISG 2004-04. They are suggested to take following Countermeasures at application level: a).Validate and Sanitize all User Input, Parameters from URL and Values from Cookies to prevent SQL Injection attacks b). Present error messages with little or no useful information, which otherwise may aid an attacker exploit the information system. c). Enable Audit trail logs wherever possible in web applications at all levels
11

5.5. Contingency Plan A contingency plan must be ready against possible security threat, unscrupulous hacking and defacement, data corruption, hardware/software crash and natural disasters etc. for restoration of the website & its data in shortest possible time by Hosting agency. 6. Management & Maintenance of Website 6.1. Management & Monitoring Team

Joint Secretaries or Other Officers designated as State Public Information Officers (SPIO) must be the Nodal Officer for the Department website who will be responsible for overall supervision to ensure that authentic, correct and updated information is published on the website. 6.2. Content Management All department websites should have a simplified mechanism for the publication of content on websites allowing content creators to create, edit and update information without requiring technical knowledge/skills required by web application developers such as programming and markup languages. 6.3. Website Monitoring Websites must be monitored periodically to address and fix the quality and compatibility issues around the following parameters: a). Performance/Site Download time b). Functionality c). Broken links d). Traffic analysis e). User feedbacks A review meeting for the same should be conducted every quarter under the chairmanship of departments Nodal Officer / Public Information Officer.

12

ANNEXURE I

State Data Centre, Department of Information Technology Government of West Bengal

Requisition for Application/Website/Domain Hosting Application / Website Name: Domain/Sub domain for website: Request Date: Department Nodal Officer / Public Information Officer Contact: Name: Email: Work Phone: Primary Technical Point of Contact for Application / Website: Name: Email: Work Phone: Will the application be available: External Open to the public [ ] Yes [ ] No Internal Network Only for Department users [ ] Yes [ ] No Operating Environment required for Application/Website [ ] Linux [ ] Unix [ ] Windows Application /Website Status: ( ) planned ( ) under development ( ) existing What is the purpose (if specific application)? How much disk space in MB (Megabytes) is required for the application/Website :-----------------MB Type of Web/Application Server needed: [ ] Oracle 9iAS [ ] Apache [ ] Microsoft IIS [ ] Plum tree [ ] Web Logic [ ] None [ ] Web sphere [ ] Other (please specify) ___________________________ Secure Socket Layers (SSL) i.e. Secured Access to Website/Application required: Need a URL? [ ] Yes [ ] Yes, if yes what URL [ ] No name ______________________ [ ] No Database required by Application /Website: [ ] Yes, if yes which database is used: () Oracle ( ) MySQL ( ) SQL Server ( ) PostgresSQL ( )Other __________ [ ] No Size Required For the Database in MB (Megabytes):________________MB Authorized Project OIC/Department Public Information Name: Officer Signature with Name in Block Letter: Date: Secretary, Department of Information Technology, Government of West Bengal Principal Consultant and Head State e-Governance Mission Team, Government of West Bengal Head- SDC, West Bengal Signature with Name in Block Letter: Signature: Name: Date: Signature: Name: Date: Signature: Name: Date: Signature:
13

ANNEXURE II

Department of Information Technology Government of West Bengal

Approval for hosting a Department Website/Application on staging server without security audit under special circumstances Application / Website Name: Request Date: Department Name: Department Nodal Officer / Public Information Officer Contact: Name: Email: Work Phone: Primary Technical Point of Contact for Application / Website: Name: Email: Work Phone: Will the application be available: External Open to the public [ ] Yes [ ] No Internal Network Only for Department users [ ] Yes [ ] No Application /Website Status: ( ) planned ( ) under development ( ) existing What is the purpose (if specific application)? Reasons for hosting on staging server: Sample examples: 1). Department website is still under development and being tested at a staging server managed by NIC. 2). Specific application is not available for public domain but for internal use by department. Note: Please remove above sample examples in your requisition and provide your reasons for hosting of your department website/application on staging server. Authorized Project OIC/Nodal Officer / Departments Public Name: Information Officer Date: Principal Consultant and Head State e-Governance Mission Team, Government of West Bengal Head- SDC, West Bengal Signature: Name: Date: Signature: Name: Date: Signature: Name: Date: Signature:

Secretary, Department of Information Technology, Government of West Bengal

14

ANNEXURE III

Department of Information Technology Government of West Bengal

Form for Security Impact Assessment of a Website/Web Application for hosting on a staging server
Name of Website/Web Application Owner Department Name Purpose of Application/Website In case of breach of security by hacking/cyber attacks, 1). Possibility of disruption of Service Delivery (YES/NO) 2). Possible downtime of Website/Web application (Hours) 3). Possibility of loss of crucial data and records of the Department (YES/NO) 4). Possibility of defacement/distortion of Website/Web Application (YES/NO) 5). Approx. Cost of Recovery and Restoration (In Rs. Lakhs) Authorized Project OIC/Nodal Officer / Public Information Officer of the Department Name: Date: Signature:

15

ANNEXURE IV

Check-list of a Website
S.No Guideline to be Checked. 1. Complete Name of the Department 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. National emblem displayed About Department History, Achievements etc. Department Functions and Objectives If department website, Link to State Portal Banglarmukh If State Portal, link to National Portal india.gov.in If State Portal, links to related websites and department websites Contact details of Nodal Officer/Public Information Officer Contact details of Key Department Officials (Postal address, Phone, Fax and E-Mail etc.) Plans, Programs and Schemes Forms, Tenders & Documents for download Proper linking of pages within and outside the website, No broken links, No links leading to Page not found errors Department Acts, Rules and Policies, if applicable Circulars and Notifications, if any Recruitment information and Forms, if any News, Events and Press Releases; if any User Feedback, Grievance and Query mechanism Website is hosted under government domain name gov.in Website is Bilingual English and Bengali Compliance (Y/N or NA)

16

ANNEXURE V

List of Major Vulnerabilities and suggested Counter-measures

S.No. 1 Vulnerability Multiplevulnerabilitiesin Microsoftproducts: WindowsServer2008,2003 &WindowsVista ImpactType Unauthorized remote code execution and information disclosure MicrosoftIISAuthentication Provides MemoryCorruption administrator ArbitraryCodeExecution access, Allows unauthorized disclosure of information, Allows disruption of service CrosssiteScriptingin Allows MicrosoftSharepointServer unauthorized 2007 modification Countermeasure Regular Microsoft Security updates http://www.microsoft.com/ technet/security/bulletin/ ms11apr.mspx Microsoft updates as per Microsoft Security Bulletin MS10040 References CERTInadvisory note: CIAD20110032

CERTIn vulnerabilitynote: CIVN20100153

Securityupdatesasper MicrosoftSecurityBulletin MS10039

AllowsDoS (Denialof Service) condition through remoteattack andarbitrary codeexecution ApacheHTTPserver AllowsDoS requestheaderinformation (Denialof disclosure Service) condition through remoteattack MultipleCrosssiteScripting Allows vulnerabilitiesintheBack unauthorized endinJoomla modification SQLinjectionvulnerability Allows intheYannickGaultier unauthorized sh404SEFcomponentfor disclosureof Joomla information; unauthorized SQLinjectionvulnerability modification; intheJExtensionsJEAuto disruptionof (com_jeauto)component service forJoomla

Apachemod_isapi MemoryCorruption

UpgradetoApacheversion 2.2.15orLater

Common Vulnerabilitiesand Exposures(CVE) name CVE20100817 CERTIn vulnerabilitynote: CIVN201070

UpgradetoApacheversion 2.2.15orLater

CERTIn vulnerabilitynote: CIVN201071

UpgradetotheLatest Joomlaversion1.5.20or Later Upgradetolatestversions ofsh404SEFComponentfor Joomla Upgradetoversion1.1or higher

CVE20102535 CVE20104404

CVE20104720

17