Five 'must-secure' Web app vulnerabilities
Security holes in the Apache Geronimo Application Server and SAP cFolders headline a list of five serious Web app vulnerabilities that demand immediate attention.
According to Mark Painter from the HP Security Laboratory, the Geronimo flaws expose users to a variety of attack vectors that could lead to the theft of sensitive information and cookie-based authentication credentials. Here's the top-five list from this past week:
1. Apache Geronimo Application Server
The free, open-source Apache Geronimo Application Server 2.1 through 2.1.3 is prone to multiple remote vulnerabilities.
- Multiple directory traversal vulnerabilities (see advisory)
- A cross-site scripting vulnerability (see advisory)
- Multiple HTML-injection vulnerabilities
- A cross-site request-forgery vulnerability (see advisory)
2. SAP cFolders
SAP cFolders is vulnerable to several cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
- SAP Cfolders Multiple Stored XSS Vulnerabilities (Digital Security)
- SAP Cfolders Multiple Linked XSS Vulnerabilities (Digital Security)
- SAP Cfolders Multiple Linked XSS Vulnerabilities ("Digital Security Research Group [DSecRG]")
- SAP Cfolders Multiple Stored XSS Vulnerabilities ("Digital Security Research Group [DSecRG]")
- SAP note 1284360 (SAP)
- SAP note 1292875 (SAP)
3. CS Whois Lookup
CS Whois Lookup is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected software and possibly the computer.
An attacker can exploit this issue using a browser. The following example URI is available.
There are no patches available yet. Contact CS Whois Lookup for information.
4. phpMyAdmin
There is a remote PHP code-injection vulnerability (PMASA-2009-4) affecting phpMyAdmin.
An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
This issue affects phpMyAdmin 3.x (prior to 3.1.3.2). Attackers can exploit this issue via a browser. Patches are available.
5. Novell Teaming
A user-enumeration weakness and multiple cross-site scripting vulnerabilities expose users of Novell Teaming to a range of attack scenarios.
- A remote attacker can exploit the user-enumeration weakness to enumerate valid usernames and then perform brute-force attacks; other attacks are also possible.
- The attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
To exploit the cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI. The following example URI is available.
- Multiple Vulnerabilities in Novell Teaming (Bernhard Mueller)
- Novell Teaming username enumeration vulnerability fix (Novell)
- Novell Teaming Cross-Site Scripting Vulnerability fix (Novell)
Novell Teaming 1.0.3 is vulnerable; other versions may also be affected.