SOURCE: Cenzic

November 28, 2006 11:00 ET

Cenzic Research Lab Identifies Top Five Critical Web Application Vulnerabilities for October

Together CIA Lab and Vulnerable Sites Recommend Steps to Protect Against Hackers

SANTA CLARA, CA -- (MARKET WIRE) -- November 28, 2006 -- Cenzic's Intelligent Analysis (CIA) research lab today named the top five most serious web application vulnerabilities for October 2006. The CIA Lab specializes in the continuous research of application vulnerabilities and the development of remediation strategies to assist customers with their web application security needs in enterprise environments.

Cenzic's CIA Lab evaluates a wide range of newly discovered application vulnerabilities and prioritizes them based on their severity and potential to impact regulatory compliance, internal policy compliance, information privacy and financial losses. This information is released on a monthly or bi-monthly basis and can be used by enterprises as a first step in addressing the security of custom and commercial web applications.

Upon notification, enterprises generally take action to remove the vulnerability, alert impacted users and, if necessary, release security fixes or upgrades.

According to Tom Stracener, senior security analyst for Cenzic CIA Labs, "In today's environment when vulnerabilities and advisories are released in high volume and from numerous industry sources, the Top 5 vulnerability list from CIA Labs helps enterprises attenuate the signal and focus on key vulnerabilities that affect major platforms and internet software."

The CIA team analyzed all web application security vulnerabilities discovered in October and named the following as the top five most serious vulnerabilities for this time period:

1. Novell eDirectory\iMonitor Host Header Buffer Overflow
A vulnerability in Novell eDirectory 8.8.1 may allow an attacker to execute arbitrary code on the eDirectory server. Affected users should apply Novell's security fix for this vulnerability, 8.8.1 FTF1, which can be found at the Novell Support web site:

CVE Number(s):

2. Apache mod_tcl Format String
A format string vulnerability was discovered in mod_tcl version 1.0 for Apache 2.x servers, whereby there is a risk of remote users executing arbitrary code. Affected users should upgrade to mod_tcl version 1.0.1 available at

CVE Number(s):

3. Multiple Vulnerabilities in PHP
Several high-risk security issues were recently disclosed in versions of PHP prior to 5.2.0. PHP is a widely used general-purpose scripting language for Web development. The issues included heap overflows and other bugs that let users execute arbitrary code or cause denial of service conditions. Sites using vulnerable versions of PHP should upgrade to the latest stable release of PHP, 5.2.0, which is available from the vendor:

CVE Number(s):

4. osCommerce Cross-Site Scripting
Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in osCommerce version 2.2. Sites using vulnerable versions should contact osCommerce support for information regarding a solution. As a temporary workaround, ensure that access to the /admin directory is properly secured. Fixed versions of osCommerce are released at:

CVE Number(s):

5. ASP.NET Cross-Site Scripting
A vulnerability in ASP.NET 2.0 allows a remote attacker to perform Cross-Site Scripting attacks via AutoPostBack. Affected users should apply the appropriate security update from Microsoft. For more information, see

CVE Number(s):

About CIA Lab Ratings

Cenzic's CIA Lab uses a proprietary formula for calculating the severity of vulnerability information. Cenzic's risk metrics are subject to change without notice. The vulnerabilities selected for this alert were chosen due to one or more of the following factors:

Origin:       unauthenticated remote users could exploit the vulnerability
Boundary:     the vulnerability would allow privilege escalation upon a
              successful attack
Popularity:   the software is widely used or deployed
Criticality:  the vulnerability fits the profile of the critical areas
              identified by OWASP, CSI, SANS, or other sources.

That a particular vulnerability is rated as severe does not imply negligence on the part of the author/maintainer/vendor of the affected software.

Cenzic has taken immediate steps to ensure that users of Cenzic Hailstorm are proactively alerted against these and other serious security vulnerabilities. CIA monitors security vulnerability information as it is released to ensure that Hailstorm provides up-to-date, comprehensive detection and remediation of the most severe application security vulnerabilities. For more information, please visit Cenzic's CIA website at

About Cenzic Intelligent Analysis (CIA) Research

The Cenzic Intelligent Analysis (CIA) team specializes in continuous research into application vulnerabilities and the latest tools and techniques used within the field of application security. The CIA team monitors the latest vulnerabilities and trends affecting application security by tracking Internet newsgroups, forums, mailing lists, and underground websites where vulnerability information is released. In addition to its research focus, CIA experts also perform vulnerability assessment, penetration testing, and security testing.

Cenzic has dedicated experts whose sole job is to perform ongoing research to not only analyze known vulnerabilities but also discover new or undisclosed vulnerabilities in custom, commercial, and open-source applications, and to make this information available to customers and to the community at large in the form of publications and security alerts. Cenzic Hailstorm is updated on a regular basis with new vulnerability information, much as anti-virus software is, to give customers an advantage in staying ahead of new vulnerabilities.

About Cenzic

Cenzic is a leading provider of the next-generation enterprise software and a leading Managed Service offering for automated application security assessment and compliance that allows Fortune 1000 corporations, mid-sized corporations, and government organizations to dramatically improve the security of web applications. Cenzic solutions are the most accurate, comprehensive, and extensible in the industry. Cenzic's current focus includes financial services, e-retail, healthcare, and government sectors. For more information, visit

Contact Information