Five 'must-secure' Web app vulnerabilities

Security holes in the Apache Geronimo Application Server and SAP cFolders headline a list of five serious Web app vulnerabilities that demand immediate attention.According to Mark Painter from the HP Security Laboratory, the Geronimo flaws expose users to a variety of attack vectors that could lead to the theft of sensitive information and cookie-based authentication credentials.

Security holes in the Apache Geronimo Application Server and SAP cFolders headline a list of five serious Web app vulnerabilities that demand immediate attention.

According to Mark Painter from the HP Security Laboratory, the Geronimo flaws expose users to a variety of attack vectors that could lead to the theft of sensitive information and cookie-based authentication credentials. Here's the top-five list from this past week:

1. Apache Geronimo Application Server

The free, open-source Apache Geronimo Application Server 2.1 through 2.1.3 is prone to multiple remote vulnerabilities.

  • Multiple directory traversal vulnerabilities (see advisory)
  • A cross-site scripting vulnerability (see advisory)
  • Multiple HTML-injection vulnerabilities
  • A cross-site request-forgery vulnerability (see advisory)

It's important to note that attackers can exploit these issues to obtain sensitive information, upload arbitrary files, execute arbitrary script code, steal cookie-based authentication credentials, and perform certain administrative actions.

2. SAP cFolders

SAP cFolders is vulnerable to several cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.  Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

3. CS Whois Lookup

CS Whois Lookup is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input.  Successful attacks can compromise the affected software and possibly the computer.

An attacker can exploit this issue using a browser. The following example URI is available.

There are not patches available yet.  Contact CS Whois Lookup for information.

4. phpMyAdmin

There is a remote PHP code-injection vulnerability (PMASA-2009-4) affecting phpMyAdmin.

An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

This issue affects phpMyAdmin 3.x (prior to 3.1.3.2). Attackers can launch exploits issue via a browser.  Patches are available.

5. Novell Teaming

A user-enumeration weakness and multiple cross-site scripting vulnerabilities expose users of Novell Teaming to a range of attack scenarios.

  • A remote attacker can exploit the user-enumeration weakness to enumerate valid usernames and then perform brute-force attacks; other attacks are also possible.
  • The attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

To exploit the cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI. The following example URI is available.

Novell Teaming 1.0.3 is vulnerable; other versions may also be affected.