SOURCE: Cenzic

September 29, 2005 10:36 ET

Cenzic Research Lab Names Top Five Critical Web Application Vulnerabilities for August and September

Vulnerabilities in MySQL, Microsoft IIS, Apache and Lotus Domino Named Most Serious Risk for Potential Attacks

SANTA CLARA, CA -- (MARKET WIRE) -- September 29, 2005 -- Cenzic's Intelligent Analysis (CIA) research lab today named the top five most serious web application vulnerabilities for the months of August and September. CIA specializes in the continuous research of application vulnerabilities and the development of remediation strategies to assist customers with their web application security needs in enterprise environments.

Cenzic has identified and analyzed the most serious vulnerabilities announced by vendors and other third parties in August and September. The company's top five includes vulnerabilities in many of today's most widely used business platforms, including IIS, WebLogic, HP Openview and Apache.

Under the auspices of CIA, Cenzic evaluates a wide range of newly discovered application vulnerabilities and prioritizes them based on their severity and potential to impact regulatory compliance, internal policy compliance, information privacy and financial losses. This information is released on a monthly or bi-monthly basis and can be used by enterprises as a first step in addressing the security of custom and commercial web applications.

The CIA team analyzed all web application security vulnerabilities discovered in August and September, and selected the following for their severity and potential threat to common, widely used software and business environments:

1. Server Name Spoofing Results in Source Disclosure in Microsoft IIS 5.x/6.x

[CIA-1031-Alert] http://www.cenzic.com/alerts/server-name-alerts.html

Microsoft Internet Information Server 5.X and 6.X may reveal potentially sensitive information to a remote user who requests a resource with a specially crafted HTTP request. An attacker could compromise a server by obtaining this information, which may include passwords or other secure credentials.

Enterprises can contact the vendor for an available hotfix or workaround.

2. Lotus Domino/Notes Multiple Cross-Site Scripting

Several Frameset elements of the Lotus Domino Server are vulnerable to Cross-Site Scripting attacks, allowing an attacker to execute scripting commands within target user browsers. Cross-Site Scripting vulnerabilities facilitate the theft of authentication cookies or other credentials, and may render the server susceptible to more elaborate attacks.

Affected enterprises should apply the 6.5.4 Fix Pack 1 Security Fix.

3. Apache Memory Leak Allows Denial of Service

[CIA-1033-Alert] http://www.cenzic.com/alerts/apache-memorys-alerts.html

A vulnerability in Apache 2.X allows a remote attacker to cause a denial-of-service under certain conditions. The byterange filter in Apache 2.X buffers the entire HTTP response to a particular request, causing repeated requests to CGI scripts on the target server to result in system instability, slowdown, and the eventual crash of the web server.

Enterprises can address this vulnerability by applying a fix available for /modules/http/http_protocol.c for Apache. Additional information is available at: http://svn.apache.org/viewcvs.cgi?rev=239378&view=rev

4. Multiple Vulnerabilities in MySQL Allow Cross-Site Scripting Attacks

[CIA-1034-Alert] http://www.cenzic.com/alerts/mySQL-eventum-alerts.html

MySQL Eventum v. 1.5.5 and previous are affected by multiple SQL Injection and Cross-Site Scripting vulnerabilities. Various scripts within MySQL Eventum do not properly validate user-supplied input, allowing a remote attacker to conduct Cross-Site Scripting attacks. In addition, other scripts allow SQL Injection attacks, which grant an attacker the ability to execute commands on the underlying database. This can result in an attacker obtaining access to confidential or sensitive information stored within the MySQL database.

Enterprises can address this vulnerability by upgrading to 1.6.0 available at: http://dev.mysql.com/downloads/other/eventum/

5. WebLogic Access Control Vulnerability Allows Hackers to Access Restricted Pages

[CIA-1035-Alert] http://www.cenzic.com/alerts/webLogic-portal-alerts.html

A vulnerability in WebLogic Portal versions 8.1 through SP4 allows a remote user to bypass entitlement restrictions and access content that would ordinarily be restricted based on their entitlements. By maliciously crafting a URL it is possible to bypass all entitlement restrictions, which could result in an exposure of confidential information, and potentially provide an opening to access the server.

Enterprises can address the vulnerability by applying the security fix provided at: ftp://ftpna.beasys.com/pub/releases/security/patch_CR238578_81SP4.zip

About Cenzic's Ratings

Cenzic uses a proprietary formula for calculating the severity of vulnerability information. Cenzic's risk metrics are subject to change without notice. The vulnerabilities selected for this alert were chosen due to one or more of the following factors:

--  Origin: the vulnerability could be exploited by unauthenticated
    remote users;
--  Boundary: the vulnerability would allow privilege escalation upon a
    successful attack;
--  Popularity: the software is widely used or deployed; and
--  Criticality: the vulnerability fits the profile of the critical areas
    identified by OWASP, CSI, SANS, or other sources.
    
That a particular vulnerability is rated as severe does not imply negligence on the part of the author/maintainer/vendor of the affected software.

Cenzic has taken immediate steps to ensure that users of Cenzic Hailstorm are proactively alerted against these and other serious security vulnerabilities. CIA monitors security vulnerability information as it is released to ensure that Hailstorm provides up-to-date, comprehensive detection and remediation of the most severe application security vulnerabilities.

About Cenzic Intelligent Analysis (CIA) Research

The Cenzic Intelligent Analysis (CIA) team specializes in continuous research into application vulnerabilities and the latest tools and techniques used within the field of application security. The CIA team monitors the latest vulnerabilities and trends affecting application security by tracking Internet newsgroups, forums, mailing lists, and underground websites where vulnerability information is released. In addition to its research focus, CIA experts also perform vulnerability assessment, penetration testing, and security testing.

Cenzic has dedicated experts whose sole job is to perform ongoing research to not only analyze known vulnerabilities but also discover new or undisclosed vulnerabilities in custom, commercial, and open-source applications, and to make this information available to customers and to the community at large in the form of publications and security alerts. Cenzic Hailstorm is updated on a regular basis, similar to anti-virus software, with new vulnerability information to give customers an advantage in staying ahead of new vulnerabilities.

About Cenzic

Cenzic provides Hailstorm®, the next-generation enterprise software and services for automated application security assessment and compliance that allows Fortune 1000 corporations and government organizations to dramatically improve the security of web applications. Hailstorm enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities, and verify compliance with security policies. Hailstorm benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Cenzic ClickToSecure™ service is one of the industry's first solutions to combine the power of an enterprise-class application security assessment product with the flexibility of a managed security service. Cenzic's customers are currently in the financial services, e-retail, and government sectors. For more information visit www.cenzic.com.
