SOURCE: Cenzic

March 27, 2006 13:00 ET

Cenzic Research Lab Names Top Five Critical Web Application Vulnerabilities for February

Vulnerabilities in Lotus Domino, Symantec Sygate Management Server, IBM Tivoli, Domino Web Access, and InfoVista VistaPortal Named Most Serious Risks for Potential Attacks

SANTA CLARA, CA -- (MARKET WIRE) -- March 27, 2006 -- Cenzic's Intelligent Analysis (CIA) research lab today named the top five most serious web application vulnerabilities for the month of February 2006. CIA specializes in the continuous research of application vulnerabilities and the development of remediation strategies to assist customers with their web application security needs in enterprise environments.

Cenzic has identified and analyzed the most serious vulnerabilities announced by vendors and other third parties in February. The company's top five list includes vulnerabilities in many of today's most widely used business platforms, including Lotus Domino, Symantec Sygate Management Server, IBM Tivoli, Domino Web Access, and InfoVista VistaPortal.

Under the auspices of CIA, Cenzic evaluates a wide range of newly discovered application vulnerabilities and prioritizes them based on their severity and potential to impact regulatory compliance, internal policy compliance, information privacy and financial losses. This information is released on a monthly basis and can be used by enterprises as a first step in addressing the security of custom and commercial web applications.

The CIA team analyzed all web application security vulnerabilities discovered in February and selected the following for their severity and potential threat to common, widely used software and business environments:

1. Lotus Domino Directory Traversal and URL/Archive Processing Buffer Overflows

Several vulnerabilities were discovered in Lotus Domino/Notes versions 6.5.4 and previous, and in version 7.0. Affected versions allow a remote user to execute malicious code by embedding an overly long URL within an email message. IBM has released patches to eliminate these security issues. Affected users can access IBM support at:

2. Symantec Sygate Management Server SQL Injection Vulnerability

A vulnerability in the Sygate Management Server (SMS) allows a remote attacker to inject SQL commands to overwrite the administrator password. Symantec's Sygate Management Server versions 4.1 build 1417 and prior are vulnerable to a SQL injection attack that can give an attacker full control of the system. Affected sites are advised to upgrade to a fixed version, available at:

3. IBM Tivoli Access Manager Directory Traversal Vulnerability

A vulnerability in the IBM Tivoli Access Manager lets a remotely authenticated user access arbitrary files via directory traversal attacks. Versions 5.1.0 and 6.0.0 of the IBM Tivoli Access Manager are vulnerable to these attacks when the Web Server plug-in component is installed.

IBM has released a security fix for each of the affected platforms, which can be accessed at:

--  Fixpack 5.1.0-TIV-WPI-FP0017:
--  Fixpack 6.0.0-TIV-WPI-FP0001:

4. Domino Web Access Multiple Cross-Site Scripting Vulnerabilities

A vulnerability in Domino Web Access allows Cross-Site Scripting attacks because the client fails to sufficiently sanitize HTML code before displaying this information to the user. As a result it is possible to craft a malicious email with HTML embedded in the subject line to cause this code to execute in the browser of any user who views the message. Affected enterprises should implement IBM's security fixes, found at

5. InfoVista VistaPortal Discloses Files and Path to Remote Users

Affected versions of InfoVista VistaPortal are vulnerable to directory traversal attacks, although the particular variation that successfully exploits the vulnerability has not been disclosed. VistaPortal runs with root privileges, thereby allowing access to any file on the server, including files that contain server password configuration for the Solaris Operating System.

Affected sites should apply the InfoVista hotfix (IV00038969) to eliminate the directory traversal vulnerability.

About Cenzic's Ratings

Cenzic uses a proprietary formula for calculating the severity of vulnerability information. Cenzic's risk metrics are subject to change without notice. The vulnerabilities selected for this alert were chosen due to one or more of the following factors:

--  Origin: the vulnerability could be exploited by unauthenticated remote
--  Boundary: the vulnerability would allow privilege escalation upon a successful attack;
--  Popularity: the software is widely used or deployed; and
--  Criticality: the vulnerability fits the profile of the critical areas identified by OWASP, CSI, SANS, or other sources.

That a particular vulnerability is rated as severe does not imply negligence on the part of the author/maintainer/vendor of the affected software.

Cenzic has taken immediate steps to ensure that users of Cenzic Hailstorm are proactively alerted against these and other serious security vulnerabilities. CIA monitors security vulnerability information as it is released to ensure that Hailstorm provides up-to-date, comprehensive detection and remediation of the most severe application security vulnerabilities.

About Cenzic Intelligent Analysis (CIA) Research

The Cenzic Intelligent Analysis (CIA) team specializes in continuous research into application vulnerabilities and the latest tools and techniques used within the field of application security. The CIA team monitors the latest vulnerabilities and trends affecting application security by tracking Internet newsgroups, forums, mailing lists, and underground websites where vulnerability information is released. In addition to its research focus, CIA experts also perform vulnerability assessment, penetration testing, and security testing.

Cenzic has dedicated experts whose sole job is to perform ongoing research to not only analyze known vulnerabilities but also discover new or undisclosed vulnerabilities in custom, commercial, and open-source applications, and to make this information available to customers and to the community at large in the form of publications and security alerts. Cenzic Hailstorm is updated on a regular basis, similar to anti-virus software, with new vulnerability information to give customers an advantage in staying ahead of new vulnerabilities.

About Cenzic

Cenzic is a leading provider of next-generation enterprise software and a leading Managed Service offering for automated application security assessment and compliance that allows Fortune 1000 corporations, mid-sized corporations, and government organizations to dramatically improve the security of web applications. Cenzic® Hailstorm®, the most accurate and extensible product in the industry, enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities. Hailstorm benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Cenzic ClickToSecure™ service is one of the industry's first Software as a Service (SaaS) offerings to combine the power of an enterprise-class application security assessment product with the flexibility of a managed security service. Cenzic Assessment Methodology completes the solution with a state-of-the-art business process consulting service to help customers improve their application security methodologies. Cenzic solutions are the most accurate, comprehensive, and extensible in the industry. Cenzic's current focus includes financial services, e-retail, healthcare, and government sectors. For more information, visit

Contact Information

    Jason Throckmorton or Jesse Odell