Computer Hardware Online - Computer Hardware Info

Cenzic Research Lab Names Top Five Critical Web Application Vulnerabilities for November and December

18 January 2006

Cenzic's Intelligent Analysis (CIA) research lab today named the top five most serious web application vulnerabilities for the months of November and December, 2005. CIA specializes in the continuous research of application vulnerabilities and the development of remediation strategies to assist customers with their web application security needs in enterprise environments.


Cenzic has identified and analyzed the most serious vulnerabilities announced by vendors and other third parties in November and December. The company's top five includes vulnerabilities in many of today's most widely used business platforms, including IBM WebSphere, Tomcat Server, PHP, Microsoft Internet Information Server and Apache.


Under the auspices of CIA, Cenzic evaluates a wide range of newly discovered application vulnerabilities and prioritizes them based on their severity and potential to impact regulatory compliance, internal policy compliance, information privacy and financial losses. This information is released on a monthly or bi-monthly basis and can be used by enterprises as a first step in addressing the security of custom and commercial web applications.


The CIA team analyzed all web application security vulnerabilities discovered in November and December and selected the following for their severity and potential threat to common, widely used software and business environments:


1. PHP Flaw In parse_str() May Let Remote Users Turn On Register_Globals


[CIA-1037-Alert]


http://www.cenzic.com/cia_research/alerts/php_flaw-alert.php


A vulnerability in parse_str() allows a remote attacker to modify the PHP configuration, turning on register_globals and keeping it on for the duration of the attack. Turning on register_globals can introduce other security issues within an application, making it easier for an attacker to exploit other input validation or scripting based attacks against the application or server.


Affected enterprises should upgrade to a fixed version of PHP that prevents this behavior. The original advisory is available at: http://www.hardened-php.net/advisory_192005.78.html


2. Tomcat Server Lets Remote Attackers Deny Service Via Multiple Directory Requests


[CIA-1038-Alert]


http://www.cenzic.com/cia_research/alerts/tomcat_server-alert.php


A remote user can submit multiple requests to directories that allow directory listing and cause the server to cease functioning. The requests must be sent to directories that contain numerous files, but the number of requests required to cause this condition varies depending upon the environment. Attacking the server in this manner can interrupt normal operations and prevent the server from handling additional requests.


Affected sites are advised to upgrade to Tomcat version 5.5.12.
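A defender-side check for the pattern described in this item, added here as an example that is not part of Cenzic's alert or the Tomcat project: it parses common-format access log lines (constructed sample data), treats requests for paths ending in "/" as hits on the directory-listing handler, and flags any client that issues more than an assumed threshold of such requests inside a sliding time window.

```python
"""Flag clients that hammer directory-listing URLs, matching the Tomcat
denial-of-service condition described above.  Example code, not from Cenzic
or the Tomcat project; the log lines below are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common access-log format: client, identd, user, [timestamp], "request", status, bytes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2005:13:55:36 +0000] "GET /docs/images/ HTTP/1.1" 200 51234
203.0.113.7 - - [10/Nov/2005:13:55:37 +0000] "GET /docs/images/ HTTP/1.1" 200 51234
203.0.113.7 - - [10/Nov/2005:13:55:37 +0000] "GET /docs/images/ HTTP/1.1" 200 51234
203.0.113.7 - - [10/Nov/2005:13:55:38 +0000] "GET /docs/images/ HTTP/1.1" 200 51234
203.0.113.7 - - [10/Nov/2005:13:55:39 +0000] "GET /docs/images/ HTTP/1.1" 200 51234
198.51.100.2 - - [10/Nov/2005:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 1024
198.51.100.2 - - [10/Nov/2005:13:55:41 +0000] "GET /docs/ HTTP/1.1" 200 2048
"""

def is_listing_request(path: str) -> bool:
    """A path ending in '/' is answered by the directory-listing handler when listings are enabled."""
    return path.endswith("/")

def flag_listing_floods(log_text: str, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Return {ip: peak count} for clients with >= threshold listing requests inside any window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_listing_request(m.group("path")):
            continue
        hits[m.group("ip")].append(datetime.strptime(m.group("ts"), TS_FMT))
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge forward
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), end - start + 1)
    return flagged
```

The threshold is an assumption; as the alert notes, the number of requests needed varies with the environment, so tune it against your own baseline and, where listings are not needed, disable them outright.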


3. Apache Mod_Imap Cross-Site Scripting


[CIA-1039-Alert]


http://www.cenzic.com/cia_research/alerts/apache_mod_imap-alert.php


When Apache Server is configured with the mod_imap module, and image maps are in use, it is possible for an attacker to launch Cross-Site Scripting (XSS) attacks against the server to execute arbitrary scripts or inject HTML. The vulnerability arises due to faulty input validation of the HTTP Referer header when mod_imap is installed. Any scripts that are injected in this manner will execute in the security context of the Apache Server.


Cross-Site Scripting allows an attacker to perpetrate a large number of actions, including cookie-credential theft, as well as exploiting browser-based security holes when the injected script involves redirection.


Enterprises can address this vulnerability by upgrading to a fixed version of Apache. Versions prior to 1.3.35-dev and 2.0.56-dev are vulnerable.


4. IBM WebSphere Insecure Sample Scripts Allow Cross-Site Scripting And Reveal Valid User Accounts


[CIA-1040-Alert]


http://www.cenzic.com/cia_research/alerts/ibm_websphere-alert.php


IBM WebSphere server version 6.0 ships with a number of sample scripts that contain security vulnerabilities. Sample scripts are usually placed on a server for demonstration purposes, but should be removed from production systems. Several WebSphere scripts contain input validation flaws that allow an attacker to conduct Cross-Site Scripting (XSS) attacks against the server, possibly compromising the security of the server itself or any web applications that are installed. The following scripts are known to contain input validation flaws that enable script injection:


-- PlantsByWebSphere/login.jsp
-- /TechnologySample/BulletinBoard
-- /TechnologySamples/Subscription/SubscriptionJSP.jsp
-- /TechnologySamples/MovieReview2_1/


Additionally, the PlantsByWebSphere/login.jsp page returns information during failed authentication attempts that permits an attacker to determine if the account for which credentials were supplied is a valid account on the system. This allows an attacker to mine the server for valid usernames, so that brute-force attacks against user accounts can be conducted.


Enterprises should contact the vendor directly for a security fix (http://www-306.ibm.com/software/websphere/).
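The account-enumeration weakness in the login page above comes from a failure response that differs depending on whether the username exists. The following is an added example (not WebSphere's sample code) of a login check that returns one generic failure message and does the same amount of work on both failure paths; the user table and passwords are constructed.

```python
"""Login check that responds identically whether the username is unknown or
the password is wrong, so failed attempts cannot confirm which accounts exist.
Example code, not the WebSphere sample application; the user store is constructed."""
import hashlib
import hmac
import os
from typing import Tuple

def hash_password(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

# Constructed user store: username -> (salt, password hash).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, hash_password("correct horse", _SALT))}

# A dummy credential hashed once at start-up, so the unknown-user path costs
# the same as a real comparison instead of returning early (no timing tell).
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("dummy-password", _DUMMY_SALT)

GENERIC_FAILURE = "Invalid username or password."

def login(username: str, password: str) -> Tuple[bool, str]:
    """Return (ok, message). The message never reveals which check failed."""
    salt, expected = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    supplied = hash_password(password, salt)
    # Constant-time comparison; the result is masked for unknown users so that
    # guessing the dummy password cannot log a nonexistent user in.
    match = hmac.compare_digest(supplied, expected) and username in USERS
    if not match:
        return False, GENERIC_FAILURE
    return True, "Welcome."

def leaky_login(username: str, password: str) -> Tuple[bool, str]:
    """The pattern the alert describes, kept for contrast: each failure cause gets its own message."""
    if username not in USERS:
        return False, "No such user."       # confirms the account does not exist
    salt, expected = USERS[username]
    if not hmac.compare_digest(hash_password(password, salt), expected):
        return False, "Wrong password."     # confirms the account exists
    return True, "Welcome."
```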


5. Microsoft Internet Information Server Denial Of Service Via Multiple GET Requests


[CIA-1041-Alert]


http://www.cenzic.com/cia_research/alerts/microsoft_iis-alert.php


Under certain configurations a vulnerability in Microsoft Internet Information Server allows an attacker to crash the IIS server remotely by sending malformed requests.


Internet Information Server is vulnerable to Denial-of-Service attacks when configured with folders with Execute Permission set to 'Scripts & Executables,' such as the /_vti_bin/ folder. Sending a specially formatted request to a directory with these permissions can cause server instability and a server crash. It is necessary to send at least four requests of this nature to crash the server. Versions of IIS 5 and IIS 6 are affected.


Affected sites should contact Microsoft for a security fix.


About Cenzic's Ratings


Cenzic uses a proprietary formula for calculating the severity of vulnerability information. Cenzic's risk metrics are subject to change without notice. The vulnerabilities selected for this alert were chosen due to one or more of the following factors:


-- Origin: the vulnerability could be exploited by unauthenticated remote users;
-- Boundary: the vulnerability would allow privilege escalation upon a successful attack;
-- Popularity: the software is widely used or deployed; and
-- Criticality: the vulnerability fits the profile of the critical areas identified by OWASP, CSI, SANS, or other sources.


That a particular vulnerability is rated as severe does not imply negligence on the part of the author/maintainer/vendor of the affected software.


Cenzic has taken immediate steps to ensure that users of Cenzic Hailstorm are proactively alerted against these and other serious security vulnerabilities. CIA monitors security vulnerability information as it is released to ensure that Hailstorm provides up-to-date, comprehensive, detection and remediation of the most severe application security vulnerabilities.


About Cenzic Intelligent Analysis (CIA) Research


The Cenzic Intelligent Analysis (CIA) team specializes in continuous research into application vulnerabilities and the latest tools and techniques used within the field of application security. The CIA team monitors the latest vulnerabilities and trends affecting application security by tracking Internet newsgroups, forums, mailing lists, and underground websites where vulnerability information is released. In addition to its research focus, CIA experts also perform vulnerability assessment, penetration testing, and security testing.


Cenzic has dedicated experts whose sole job is to perform ongoing research to not only analyze known vulnerabilities but also discover new or undisclosed vulnerabilities in custom, commercial, and open-source applications, and to make this information available to customers and to the community at large in the form of publications and security alerts. Cenzic Hailstorm is updated on a regular basis, similar to anti-virus software, with new vulnerability information to give customers an advantage in staying ahead of new vulnerabilities.


About Cenzic


Cenzic is a leading provider of next-generation enterprise software and services for automated application security assessment and compliance that allows Fortune 1000 corporations, mid-sized corporations, and government organizations to dramatically improve the security of web applications. Cenzic® Hailstorm®, the most accurate and extensible product in the industry, enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities. Hailstorm benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Cenzic ClickToSecure™ service is one of the industry's first solutions to combine the power of an enterprise-class application security assessment product with the flexibility of a managed security service. Cenzic Assessment Methodology completes the solution with a state-of-the-art business process consulting service to help customers improve their application security methodologies. Cenzic solutions are the most accurate, comprehensive, and extensible in the industry. Cenzic's current focus includes financial services, e-retail, healthcare, and government sectors. For more information, visit www.cenzic.com.


CONTACT:
Jason Throckmorton or Jesse Odell
LaunchSquad
415-625-8555


SOURCE: Cenzic

Source: marketwire