SOURCE: Cenzic

June 30, 2005 09:00 ET

Cenzic Research Lab Names Top Five Critical Web Application Vulnerabilities for May and June

Vulnerabilities in BEA Weblogic, Microsoft ISA Server, IBM WebSphere Named Among Most Serious Risk for Potential Attacks

SANTA CLARA, CA -- (MARKET WIRE) -- June 30, 2005 -- Cenzic's Intelligent Analysis (CIA) research lab today named the top five most serious web application vulnerabilities for the months of May and June. CIA specializes in the continuous research of application vulnerabilities and the development of remediation strategies to ensure complete application security in enterprise environments.

In May and June, Cenzic identified the most serious vulnerabilities announced by vendors and other third parties. The company's top five includes vulnerabilities in many of today's most widely used business platforms, including BEA Weblogic, IBM WebSphere, Sun One, Microsoft ISA Server and Sawmill.

Under the auspice of CIA, Cenzic evaluates a wide range of newly discovered application vulnerabilities and prioritizes them based on their severity and potential to impact regulatory compliance, internal policy compliance, information privacy and financial losses. This information is released on a monthly or bi-monthly basis and can be used by enterprises as a first step in addressing the security of custom and commercial web applications.

The CIA team analyzed all web application security vulnerabilities discovered in May and June and selected the following for their severity and potential threat to common, widely used software and business environments:

1. Multiple Vulnerabilities in BEA Weblogic Server and Weblogic Portal

[CIA-1021-Alert] http://www.cenzic.com/alerts/cia_bea-weblogic-alerts.html

Multiple vulnerabilities were discovered in the BEA WebLogic Server, WebLogic Express, and WebLogic Portal. The vulnerabilities allow several types of attacks, summarized below:

--  Buffer Overflow based denial of service causing high CPU utilization.
--  Remote anonymous binding to the embedded LDAP Server.
--  Cross Site Scripting vulnerabilities in admin console.
--  Performance Degredation
--  Privilege escalation
--  Various information leaks
    
The vendor has issued several security advisories. Please refer to the corresponding advisory for the appropriate solution: http://securitytracker.com/alerts/2005/May/1014049.html or go to: http://dev2dev.bea.com/advisoriesnotifications/index.csp.

2. Buffer Overflow to Execute Arbitrary Code in IBM WebSphere Application Server

[CIA-1022-Alert] http://www.cenzic.com/alerts/cia_ibm-webspherealerts.html

The IBM WebSphere Application Server administrative console is vulnerable to a buffer overflow in Unicode processing, allowing an attacker to execute arbitrary code. The buffer overflow can be exploited prior to authentication.

Enterprises can address the vulnerability by applying the vendor-released security fix, which is available at: http://www-306.ibm.com/software/webservers/appserv/was/. For additional information go to: http://securitytracker.com/alerts/2005/Jun/1014123.html.

3. Unauthorized Access to Files in Sun ONE Application Server

[CIA-1023-Alert] http://www.cenzic.com/alerts/cia_sun-one-alerts.html

A vulnerability in the Sun ONE Application server could allow a remote attacker to access restricted files. The vulnerability affects the Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier.

Enterprises can address the vulnerability by applying the vendor-released security fix, which is available at: http://www.sun.com/download/products.xml?id=42127fa5. For additional information, go to: http://securitytracker.com/alerts/2005/Jun/1014122.html or visit: http://www.sun.com/.

4. Cache Poisoning and Unauthorized Access in Microsoft ISA Server 2000

[CIA-1024-Alert] http://www.cenzic.com/alerts/cia_microsoft-isa-alerts.html

Microsoft Internet Security and Acceleration Server 2000 is vulnerable to cache poisoning and allows unauthorized NetBIOS connections. Microsoft ISA Server 2000 is vulnerable to ISA cache poisoning and allows requests to bypass content filters via malformed HTTP header requests. A second vulnerability in the server permits unauthorized connections to the ISA server via the NetBIOS protocol.

Enterprises can address the vulnerability by applying applying the security fix discussed in Microsoft in Security Bulletin MS05-034: http://www.microsoft.com/technet/security/Bulletin/MS05-034.mspx. For more information, go to: http://securitytracker.com/alerts/2005/Jun/1014193.html or http://www.microsoft.com/security/default.mspx.

5. Authentication Bypass and Unauthorized Privileges in Sawmill

[CIA-1025-Alert] http://www.cenzic.com/alerts/cia_sawmill-alerts.html

Sawmill is a popular log analysis program used for monitoring the logs of web applications and Internet devices. Vulnerabilities in versions 6.x and 7.x make it possible for a remote attacker to bypass authentication and obtain administrative privileges. As a result the attacker would obtain access to application logs, system and user information, and could compromise the integrity of stored Sawmill data.

Enterprises can address the vulnerability by applying the appropriate vendor patch or upgrading to 7.16 or higher. For more information, go to: http://securitytracker.com/id?1014106 or visit the vendor site at: http://www.thesawmill.co.uk/support.htmlMaxDB.

Cenzic uses a proprietary formula for calculating the severity of vulnerability information. Cenzic's risk metrics are subject to change without notice. The vulnerabilities selected for this alert were chosen due to one or more of the following factors: (origin) the vulnerability could be exploited by unauthenticated remote users, (boundary) the vulnerability would allow privilege escalation upon a successful attack, (popularity) the software is widely used or deployed, (criticality) the vulnerability fits the profile of the critical areas identified by OWASP, CSI, SANS, or other sources. That a particular vulnerability is rated as severe does not imply negligence on part of the author/maintainer/vendor of the affected software.

Cenzic has taken immediate steps to ensure that users of Cenzic Hailstorm are proactively alerted against these and other serious security vulnerabilities. CIA monitors security vulnerability information as it is released to ensure that Hailstorm provides up-to-date, comprehensive, detection and remediation of the most severe application security vulnerabilities.

About Cenzic Intelligent Analysis (CIA) Research

The Cenzic Intelligent Analysis (CIA) team specializes in the continuous research into application vulnerabilities and the latest tools and techniques used within the field of application security. The CIA team monitors the latest vulnerabilities and trends affecting application security by tracking Internet newsgroups, forums, mailing lists, and underground websites where vulnerability information is released. In addition to its research focus, CIA experts also perform vulnerability assessment, penetration testing, and security testing.

Cenzic has dedicated experts whose sole job is to perform ongoing research to not only analyze known vulnerabilities but also discover new or undisclosed vulnerabilities in custom, commercial, and open-source applications, and to make this information available to customers and to the community at large in the form of publications and security alerts. Cenzic Hailstorm is updated similar to anti-virus on a regular basis with new vulnerability information to give customers an advantage in staying ahead of new vulnerabilities.

About Cenzic

Cenzic provides Hailstorm®, the breakthrough enterprise software suite for automated application security assessment and compliance that allows corporations and government organizations to dramatically improve the security of commercial and custom applications. While automating the penetration testing process for web applications, Hailstorm enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities, and verify compliance with security policies. Benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Cenzic's customers are currently in the financial services and e-marketplace sectors. For more information visit www.cenzic.com.

Contact Information