Cenzic Research Lab Names Top Five Critical Web Application Vulnerabilities for March and April

1 June 2006

Cenzic's Intelligent Analysis (CIA) research lab today named the top five most serious web application vulnerabilities for the months of March and April 2006. CIA specializes in the continuous research of application vulnerabilities and the development of remediation strategies to assist customers with their web application security needs in enterprise environments.

Under the auspices of CIA, Cenzic evaluates a wide range of newly discovered application vulnerabilities and prioritizes them based on their severity and potential to impact regulatory compliance, internal policy compliance, information privacy and financial losses. This information is released on a monthly or bi-monthly basis and can be used by enterprises as a first step in addressing the security of custom and commercial web applications.

The CIA team analyzed all web application security vulnerabilities discovered in March and April and named the following as the top five most serious vulnerabilities for this time period:

1. osCommerce Extras Directory Traversal Vulnerability [CIA-1047-Alert]

osCommerce, a popular e-Commerce framework written in PHP, has a directory traversal vulnerability in version 2.2 and possibly earlier versions that allows an attacker to view files outside of the web server root directory using "../" characters. The attack allows arbitrary files to be viewed with the associated permissions of the web server process. Sites running affected versions should upgrade to a fixed version even if the "extras" package is not being used, or remove the "extras" directory until a solution is available.

Contact osCommerce for additional information on solutions or fixes at: http://www.oscommerce.com/solutions/oscommerce

2. IBM Tivoli Business Systems Manager Cross Site Scripting [CIA-1048-Alert]

IBM Tivoli Business Systems Manager version 3.1 lacks sufficient input validation in one of its .jsp scripts: apwc_win_main.jsp fails to properly sanitize user input in the "skin=" parameter. This flaw allows a remote attacker to launch Cross Site Scripting attacks to steal user cookies, redirect the user to potentially dangerous content, and possibly exploit other browser-based flaws.

IBM has provided a security fix (LA interim fix 3.1.0.1-TIV-BSM-LA0112 and LA interim fix 3.1.0.1-TIV-BSM-LA0116). The vendor advisory provides additional information: http://www-1.ibm.com/support/docview.wss?uid=swg1OA14904

3. IBM Websphere Multiple Vulnerabilities [CIA-1049-Alert]

A JSP disclosure affects Websphere versions 4.0.1 through 4.0.3. Under certain conditions the JSP source of files can be displayed rather than the intended page, disclosing confidential information and helping attackers find other vulnerabilities in the web application running on the Websphere host.

-- Solution: Affected sites should apply the appropriate fix packs available from the vendor, or upgrade to a newer version (from 5.0 to 5.0.2.16; or from 5.1 to 5.1.1.10). For additional information, log in to the IBM website at: www.ibm.com/support/docview.wss?uid=swg21053738

Denial of service via overly long header values allows remote users to deny service on certain 5.x versions of Websphere, causing the server to crash. Affected versions include 5.0 release versions 5.0.2.15 and prior, and 5.1 release versions 5.1.1.9 and prior.

-- Solution: Vulnerabilities can be eliminated by APAR (PQ62144) as well as upgrading to version 4.0.4. For additional information, log in to the IBM website at: www.ibm.com/support/docview.wss?uid=swg21053738

4. Microsoft Multiple Cross Site Scripting Vulnerabilities [CIA-1050-Alert]

Cross Site Scripting vulnerabilities have been reported in Microsoft FrontPage Extensions 2002 and SharePoint Team Services, allowing an attacker to inject executable script into web applications that will execute with the permissions of the web server domain as its trust relates to the user's browser.

Microsoft has produced a number of patches to address the security issues outlined in MS06-017. Affected enterprises should consult the advisory to determine the extent to which particular server configurations or application versions are vulnerable: http://www.microsoft.com/technet/security/bulletin/ms06-017.mspx

5. Groupwise Accept-Language Header Buffer Overflow [CIA-1051-Alert]

Novell Groupwise Messenger 2.0 is vulnerable to a remote buffer overflow in the processing of HTTP header values, allowing an attacker to execute arbitrary code by injecting a malformed header value. The specific flaw resides in a Messenger Agent that typically listens on port 8300, which can be exploited by sending the web server a specially formatted Accept-Language header.

The vendor has issued a fix for this vulnerability (2.0 Public Beta 2), and will include the security patch within Groupwise Messenger 2.0 SP1. For additional information visit: http://support.novell.com/cgi-bin/search/searchtid.cgi?10100861.htm

About Cenzic's Ratings

Cenzic uses a proprietary formula for calculating the severity of vulnerability information. Cenzic's risk metrics are subject to change without notice. The vulnerabilities selected for this alert were chosen due to one or more of the following factors:

-- Origin: the vulnerability could be exploited by unauthenticated remote users;
-- Boundary: the vulnerability would allow privilege escalation upon a successful attack;
-- Popularity: the software is widely used or deployed; and
-- Criticality: the vulnerability fits the profile of the critical areas identified by OWASP, CSI, SANS, or other sources.

That a particular vulnerability is rated as severe does not imply negligence on the part of the author/maintainer/vendor of the affected software.

Cenzic has taken immediate steps to ensure that users of Cenzic Hailstorm are proactively alerted against these and other serious security vulnerabilities. CIA monitors security vulnerability information as it is released to ensure that Hailstorm provides up-to-date, comprehensive detection and remediation of the most severe application security vulnerabilities. For more information, please visit Cenzic's CIA website at http://www.cenzic.com/cia_research/.

About Cenzic Intelligent Analysis (CIA) Research

The Cenzic Intelligent Analysis (CIA) team specializes in continuous research into application vulnerabilities and the latest tools and techniques used within the field of application security. The CIA team monitors the latest vulnerabilities and trends affecting application security by tracking Internet newsgroups, forums, mailing lists, and underground websites where vulnerability information is released. In addition to its research focus, CIA experts also perform vulnerability assessment, penetration testing, and security testing.

Cenzic has dedicated experts whose sole job is to perform ongoing research to not only analyze known vulnerabilities but also discover new or undisclosed vulnerabilities in custom, commercial, and open-source applications, and to make this information available to customers and to the community at large in the form of publications and security alerts. Cenzic Hailstorm is updated on a regular basis, similar to anti-virus software, with new vulnerability information to give customers an advantage in staying ahead of new vulnerabilities.

About Cenzic

Cenzic is a leading provider of next-generation enterprise software and a leading Managed Service offering for automated application security assessment and compliance that allows Fortune 1000 corporations, mid-sized corporations, and government organizations to dramatically improve the security of web applications throughout the software development lifecycle (SDLC). Cenzic® Hailstorm®, the most accurate and extensible product in the industry, enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities. Hailstorm benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Cenzic ClickToSecure™ service is one of the industry's first Software as a Service (SaaS) offerings to combine the power of an enterprise-class application security assessment product with the flexibility of a managed security service. Cenzic Assessment Methodology completes the solution with a state-of-the-art business process consulting service to help customers improve their application security methodologies. Cenzic solutions are the most accurate, comprehensive, and extensible in the industry. Cenzic's current focus includes financial services, e-retail, healthcare, and government sectors. For more information, visit www.cenzic.com.

CONTACT:
Jason Throckmorton or Melissa Biles
LaunchSquad
415-625-8555

SOURCE: Cenzic
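The defensive check that belongs in front of any file-serving code of the kind affected by item 1 (osCommerce "extras"), as an added example written in Python for illustration and not osCommerce's own PHP code: it canonicalizes a user-supplied path, including single- and double-encoded "../", neutralizes absolute paths and NUL bytes, and refuses anything that resolves outside the web root. The web root is a constructed value.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Constructed example: the only directory static files may be served from.
WEB_ROOT = "/srv/cenzic-example/htdocs"


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable, so "%252e%252e" is seen as ".." too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_under_root(root: str, requested: str) -> Optional[str]:
    """Map a user-supplied path onto the web root.

    Returns the canonical filesystem path if it stays inside `root`,
    or None if the request would escape it. realpath collapses "../"
    segments and follows symlinks, so the comparison is made on the
    path the OS would actually open, not on the raw string.
    """
    candidate = decode_fully(requested)
    if "\x00" in candidate:  # a NUL can truncate the path in C-backed open()
        return None
    # Treat backslashes as separators and never honour an absolute path.
    candidate = candidate.replace("\\", "/").lstrip("/")
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, candidate))
    # "root + sep" prevents a sibling such as ".../htdocs2" from passing.
    if target == root_real or target.startswith(root_real + os.sep):
        return target
    return None


def is_inside_root(root: str, requested: str) -> bool:
    """Convenience predicate for request filtering or log review."""
    return resolve_under_root(root, requested) is not None
```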
Source: marketwire
All trademarks and copyrighted information contained herein are the property of their respective owners.