Computer Hardware Online - Computer Hardware Info

The latest computer hardware information and technological news.




 


Cenzic Research Lab Names Top Five Critical Web Application Vulnerabilities for October

24 November 2005

Cenzic's Intelligent Analysis (CIA)
research lab today named the top five most serious web application
vulnerabilities for the month of October. CIA specializes in the continuous
research of application vulnerabilities and the development of remediation
strategies to assist customers with their web application security needs in
enterprise environments.

Cenzic has identified and analyzed the most serious vulnerabilities
announced by vendors and other third parties in October. The company's top
five includes vulnerabilities in many of today's most widely used business
platforms, including Weblogic, Oracle, PHP, Sun Java Application Server and
Apache.

Under the auspices of CIA, Cenzic evaluates a wide range of newly discovered
application vulnerabilities and prioritizes them based on their severity
and potential to impact regulatory compliance, internal policy compliance,
information privacy and financial losses. This information is released on
a monthly or bi-monthly basis and can be used by enterprises as a first
step in addressing the security of custom and commercial web applications.

The CIA team analyzed all web application security vulnerabilities
discovered in October, and selected the following for their severity and
potential threat to common, widely used software and business environments:

1. Multiple Vulnerabilities Discovered in BEA Weblogic Server


[CIA-1032-Alert]
http://www.cenzic.com/cia_research/alerts/bea_weblogic-alerts.php

Multiple vulnerabilities were discovered in the BEA Weblogic server that
permit denial of service, cross-site scripting, and privilege elevation
attacks. BEA issued 22 separate advisories relating to the Weblogic server
platform. Among these advisories are various vulnerability types, including
weak SSL encryption being used under certain circumstances, denial of
service causing server threads to hang, privilege elevation attacks,
cross-site scripting, buffer overflows, unauthorized file access and
information disclosure, unauthorized access to servlets, and the disclosure
of system or user passwords.

Enterprises should consult the individual advisories to determine whether
their platform is affected. BEA Weblogic server versions 6.1 SP7, 7.0 SP6,
8.1 SP4, 9.0, and others, are known to be affected by one or more of the
advisories.

Enterprises with affected sites should apply the appropriate BEA patches
for their server.

2. Sun Java System Application Server May Disclose Source Code of JSP to
Remote Users


[CIA-1033-Alert]
http://www.cenzic.com/cia_research/alerts/sunjava_system-alerts.php

An unspecified vulnerability in the following Sun Java System Application
Server platforms may allow unauthorized users to access the source code of
JavaServer Pages (JSP):

-- Standard Edition 7 2004Q2 Update 2 and earlier
-- Standard Edition 7 Update 6 and earlier
-- Enterprise Edition 7 2004Q2 Update 2 and earlier
-- Platform Edition 7 Update 6 and earlier

Disclosure of JSP source code may allow an attacker to steal proprietary
information (including any credentials or connection strings embedded in
the page) and to infer further vulnerabilities in the application itself.

Affected sites should apply the vendor supplied fix. Additional information
is available at:
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-101910-1
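The advisory leaves the trigger unspecified, so the practical check is on the response side: a rendered JSP page should never contain page directives, scriptlets, or JSP action tags, and if it does, the container has handed back source instead of executing it. The detector below is an added example written for this page, not code from Cenzic or Sun; the sample responses are constructed, and the marker patterns and "credential-like" heuristic are my own assumptions about what leaked JSP source typically looks like.

```python
import re
from dataclasses import dataclass, field

# Patterns that belong in JSP *source* and never in a rendered response.
# A hit on any of the first four means the container served the page text.
SOURCE_PATTERNS = {
    "jsp directive": re.compile(r"<%@\s*(?:page|include|taglib)\b"),
    "scriptlet":     re.compile(r"<%(?!@)[\s\S]*?%>"),   # <% ... %>, <%= ... %>, <%! ... %>
    "jsp action":    re.compile(r"<jsp:(?:useBean|include|forward|getProperty|setProperty)\b"),
    "java import":   re.compile(r"(?m)^\s*import\s+(?:java|javax)\.[\w.]+;"),
    # Only reported once a leak is confirmed: raises the severity of the finding.
    "credential":    re.compile(r"(?i)password|jdbc:"),
}


@dataclass
class Finding:
    path: str
    leaked: bool
    reasons: list = field(default_factory=list)


def analyse_response(path, status, content_type, body):
    """Decide whether an HTTP response for a .jsp path is unrendered source."""
    reasons = []
    if status != 200:
        return Finding(path, False, [f"status {status}, no body to judge"])
    for name, pattern in SOURCE_PATTERNS.items():
        if name != "credential" and pattern.search(body):
            reasons.append(name)
    leaked = bool(reasons)
    if leaked:
        # Source disclosure bugs often come with the wrong content type too.
        if not content_type.lower().startswith("text/html"):
            reasons.append(f"served as {content_type}")
        if SOURCE_PATTERNS["credential"].search(body):
            reasons.append("credential-like string in leaked source")
    return Finding(path, leaked, reasons)


def scan(responses):
    """responses: {path: (status, content_type, body)} -> Findings for leaked pages only."""
    return [f for f in (analyse_response(p, *r) for p, r in responses.items()) if f.leaked]


# Constructed sample responses (not captured from a real server).
RENDERED = (200, "text/html",
            "<html><body><h1>Welcome, alice</h1></body></html>")
LEAKED = (200, "text/plain", """<%@ page import="java.sql.*" %>
<%
  Connection c = DriverManager.getConnection(
      "jdbc:oracle:thin:@db:1521:orcl", "app", "s3cret");
%>
<html><body><h1>Welcome, <%= request.getParameter("u") %></h1></body></html>
""")
SAMPLE_RESPONSES = {"/index.jsp": RENDERED, "/login.jsp": LEAKED}

if __name__ == "__main__":
    for f in scan(SAMPLE_RESPONSES):
        print(f"{f.path}: LEAKED ({', '.join(f.reasons)})")
```

In a real assessment the responses would come from fetching every `.jsp` path found by crawling; the decision logic stays the same. A hit on `credential` is the case to escalate first, since the leaked page itself is already usable by the attacker.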

3. Multiple Vulnerabilities Found in Oracle Database and Application
Server


[CIA-1034-Alert]
http://www.cenzic.com/cia_research/alerts/oracle_database-alerts.php

Multiple vulnerabilities in the Oracle Database and Oracle Application
server may allow an attacker to compromise the confidentiality and
integrity of data, or conduct denial of service attacks. Versions 8, 8i,
9i, 10g of the Oracle Database Server and Oracle Application server are
affected by multiple vulnerabilities, some classified as having a wide
impact.

Enterprises can address these vulnerabilities by applying the appropriate
security patches discussed in the Critical Patch Update Advisory for
October 2005, found at:
www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html

4. Apache Denial of Service via Memory Leak in MPM 'worker.c'


[CIA-1035-Alert]
http://www.cenzic.com/cia_research/alerts/apache_denial-alerts.php


A memory leak in the Apache worker MPM (Multi-Processing Module) may allow
an attacker to cause excess system resource consumption by repeatedly
opening and aborting connections. Memory allocated for an aborted
connection is never returned to the pool, so each abort leaves a little
less memory for other requests until the server can no longer handle
incoming connections. The vulnerability also affects the IBM HTTP Server,
which is based on the Apache codebase.

Enterprises can address this vulnerability by applying the appropriate
patches provided at the following links:

Apache SVN security Fix:
http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/2.2.x/server/mpm/worker/worker.c

IBM HTTP Security Fix:
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24010709


5. Multiple Vulnerabilities Found in PHP Allow Unauthorized Access to
Servers


[CIA-1036-Alert]
http://www.cenzic.com/cia_research/alerts/php_multiple-alerts.php

The Hardened-PHP Project discovered multiple security flaws in PHP. The
following vulnerabilities affect PHP 4 versions 4.4.0 and prior, and PHP 5
versions 5.0.5 and prior:

-- PHP File-Upload $GLOBALS Overwrite Vulnerability
-- PHP register_globals Activation Vulnerability in parse_str()
-- PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()

These vulnerabilities can allow an attacker to obtain unauthorized access
to a server running an affected version of PHP.

Sites using affected versions should upgrade to a fixed version of PHP as
soon as it becomes available. For PHP 4 visit:
http://www.php.net/release_4_4_1.php
A fix is still pending for PHP 5.
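Patching PHP closes these three bugs, but two of them sit on top of behaviour that application code can also expose on its own: `parse_str()` called with a single argument writes request-controlled variable names straight into the current scope (the same thing register_globals does), and `phpinfo()` reachable from a web path hands configuration to anyone who can load it. The audit script below is an added example written for this page, not code from Cenzic or the Hardened-PHP Project. It flags those two usages in PHP source and, going one step beyond the advisory, also `extract()` applied directly to a request superglobal, which belongs to the same variable-injection class; the sample PHP file is constructed, and the argument splitter is a deliberately small, regex-plus-scan approach that will also report calls inside comments.

```python
import re

# Calls of interest; the lookbehind skips method/static calls such as ->parse_str(
CALL_RE = re.compile(r"(?<![\w$>])(parse_str|phpinfo|extract)\s*\(")
REQUEST_VAR_RE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|FILES)\b")


def split_args(src, i):
    """src[i] is the '(' opening a call. Return (args, index_of_closing_paren).

    Tracks nesting and quoted strings so commas inside g(b, c) or 'x,y' do not split.
    """
    depth, args, cur, quote = 0, [], [], None
    j = i + 1
    while j < len(src):
        ch = src[j]
        if quote:
            cur.append(ch)
            if ch == "\\" and j + 1 < len(src):   # keep escaped char inside string
                cur.append(src[j + 1])
                j += 2
                continue
            if ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
            cur.append(ch)
        elif ch in "([{":
            depth += 1
            cur.append(ch)
        elif ch in ")]}":
            if depth == 0:
                break                              # closing paren of our call
            depth -= 1
            cur.append(ch)
        elif ch == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        j += 1
    last = "".join(cur).strip()
    if last or args:
        args.append(last)
    return args, j


def audit_php(source, filename="<string>"):
    """Return (filename, line, call, message) for each risky call found."""
    findings = []
    for m in CALL_RE.finditer(source):
        name = m.group(1)
        args, _ = split_args(source, m.end() - 1)
        line = source.count("\n", 0, m.start()) + 1
        if name == "parse_str" and len(args) < 2:
            findings.append((filename, line, name,
                             "parse_str() without a result array writes attacker-named "
                             "variables into the current scope (register_globals behaviour)"))
        elif name == "phpinfo":
            findings.append((filename, line, name,
                             "phpinfo() exposes configuration and, on unpatched PHP, "
                             "reflects request data unescaped (XSS)"))
        elif name == "extract" and args and REQUEST_VAR_RE.search(args[0]):
            findings.append((filename, line, name,
                             "extract() on a request superglobal injects attacker-named variables"))
    return findings


# Constructed sample: unsafe and safe forms of each call side by side.
SAMPLE_PHP = """<?php
// constructed sample: mixed safe and unsafe calls
parse_str($_SERVER['QUERY_STRING']);
parse_str($_SERVER['QUERY_STRING'], $params);
$t = htmlspecialchars(trim(substr($name, 0, 40), ", "), ENT_QUOTES);
if (isset($_GET['debug'])) { phpinfo(); }
extract($_POST);
extract(array('safe' => 1), EXTR_SKIP);
"""

if __name__ == "__main__":
    for fname, line, call, msg in audit_php(SAMPLE_PHP, "sample.php"):
        print(f"{fname}:{line}: {call}: {msg}")
```

The fix for the first finding is the two-argument form on the next line of the sample: results go into `$params` and nothing else in scope changes. For `phpinfo()`, remove it from anything web-reachable rather than gating it on a query parameter.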

About Cenzic's Ratings

Cenzic uses a proprietary formula for calculating the severity of
vulnerability information. Cenzic's risk metrics are subject to change
without notice. The vulnerabilities selected for this alert were chosen due
to one or more of the following factors:

-- Origin: the vulnerability could be exploited by unauthenticated
remote users;
-- Boundary: the vulnerability would allow privilege escalation upon a
successful attack;
-- Popularity: the software is widely used or deployed; and
-- Criticality: the vulnerability fits the profile of the critical areas
identified by OWASP, CSI, SANS, or other sources.

That a particular vulnerability is rated as severe does not imply
negligence on part of the author/maintainer/vendor of the affected
software.

Cenzic has taken immediate steps to ensure that users of Cenzic Hailstorm
are proactively alerted against these and other serious security
vulnerabilities. CIA monitors security vulnerability information as it is
released to ensure that Hailstorm provides up-to-date, comprehensive,
detection and remediation of the most severe application security
vulnerabilities.

About Cenzic Intelligent Analysis (CIA) Research

The Cenzic Intelligent Analysis (CIA) team specializes in continuous
research into application vulnerabilities and the latest tools and
techniques used within the field of application security. The CIA team
monitors the latest vulnerabilities and trends affecting application
security by tracking Internet newsgroups, forums, mailing lists, and
underground websites where vulnerability information is released. In
addition to its research focus, CIA experts also perform vulnerability
assessment, penetration testing, and security testing.

Cenzic has dedicated experts whose sole job is to perform ongoing research
to not only analyze known vulnerabilities but also discover new or
undisclosed vulnerabilities in custom, commercial, and open-source
applications, and to make this information available to customers and to
the community at large in the form of publications and security alerts.
Cenzic Hailstorm is updated on a regular basis, much like anti-virus
signatures, with new vulnerability information to give customers an
advantage in staying ahead of new vulnerabilities.

About Cenzic

Cenzic is a leading provider of next-generation enterprise software and
services for automated application security assessment and compliance that
allows Fortune 1000 corporations, mid-sized corporations, and government
organizations to dramatically improve the security of web applications.
Cenzic® Hailstorm®, the most accurate and extensible product in the
industry, enables security experts, QA professionals, and developers to
work together to assess, analyze, and remediate applications for security
vulnerabilities. Hailstorm benefits include reduced security risk and
liability, lower development and testing costs, and faster time-to-market.
Cenzic ClickToSecure™ service is one of the industry's first solutions
to combine the power of an enterprise-class application security assessment
product with the flexibility of a managed security service. Cenzic's
current focus includes financial services, e-retail, healthcare, and
government sectors. For more information, visit www.cenzic.com.





CONTACT:
Jason Throckmorton or Jesse Odell
LaunchSquad
415-625-8555
SOURCE: Cenzic

Source: Marketwire



All trademarks and copyrighted information contained herein are the property of their respective owners.




Computer Hardware Online - Computer Hardware Info   •   Copyright © 2008   •   All rights reserved   •   Thursday, August 21st 2008