Latest news
Top 10 vulnerabilities in Web applications in Q1 2007
Posted on 22 May 2007.
Cenzic released its Application Security Trends Report - Q1 2007 with some alarming findings. The report provides a thorough analysis of reported vulnerabilities, including the most threatening, Web application probes, attack statistics and key findings. While this report highlights the Top 10 vulnerabilities in commercial and open source applications, Cenzic believes that the problem is much worse if you factor in proprietary home grown applications, as these typically contain a large number of vulnerabilities.
In this study, Cenzic identified 1,561 unique vulnerabilities during the first quarter of 2007. Of the reported vulnerabilities, file inclusion, SQL injection, cross-site scripting and directory traversal were the most prevalent, totaling 63 percent. The majority of vulnerabilities affected Web servers, Web applications and Web browsers, with Cenzic classifying the bulk as easily exploitable.
Top Ten Vulnerabilities in Commercial and Open Source Web Applications from Q1 2007:
- Adobe Acrobat Reader Cross-Site Scripting and Code Execution Several vulnerabilities were reported, including the ability for a remote user to cause arbitrary code to execute on the target user's system as well as conduct cross-site scripting attacks.
- Google Desktop Cross-Site Scripting Multiple vulnerabilities were discovered in Google Desktop that permit a remote attacker to conduct cross-site scripting attacks, allowing access to data on the user's system.
- IBM Websphere HTTP Response Splitting Versions of IBM Websphere are vulnerable to HTTP Response splitting attacks, leaving open the possibility of poison Web caches, spoof content or conduct cross-site scripting attacks.
- Lotus Domino Web Access Cross-Site Scripting - The Active Content Filter feature failed to properly filter script code from user-supplied input within e-mail messages prior to displaying those messages to the user. As a result, a remote attacker could cause arbitrary script code to execute in a victim's browser by sending a maliciously crafted e-mail message.
- PHP Nested Array Denial of Service In PHP processing, a recursion bug of deeply nested arrays can allow a remote attacker to conduct a denial of service attack against PHP installations, which could lead to a server crash.
- PHP Multiple Buffer Overflows and Denial of Service Multiple vulnerabilities included several severe vulnerabilities that could allow a remote attacker to execute arbitrary code on affected servers.
- IBM Rational ClearQuest Cross-Site Scripting A cross-site scripting vulnerability in IBM Rational ClearQuest Web 7.0.0.0 allows remote attackers to inject arbitrary script code via an attachment to defect log submission.
- Sun Java Access Manager Multiple Vulnerabilities Multiple cross-site scripting vulnerabilities were reported in the Sun Java Access Manager allowing remote hackers the ability to inject HTML as well as other forms of script code and perform privilege escalation via session cookie theft as well as various content spoofing and other browser-based attacks.
- Apache Tomcat Buffer Overflow A buffer overflow in the Apache Tomcat JK Web Server Connector allows a remote attacker to execute code on any server running a vulnerable version of Apache Tomcat.
- BEA WebLogic Buffer Overflow and Multiple Vulnerabilities Multiple vulnerabilities were discovered, ranging from remote code execution via buffer overflows through various denial of service and information disclosure attacks.
As part of the study, Cenzic incorporated findings from Cenzic ClickToSecure, their leading-edge security assessment and penetration testing service (SaaS), and research from Cenzic Intelligent Analysis (CIA) Labs. Some of the key findings from include:
- More than seven of 10 analyzed Web applications engaged in insecure communication practices that could potentially lead to the exposure of sensitive or confidential user information during transactions.
- Architectural flaws, design flaws and insecure application configurations are still common culprits in the exposure of sensitive user information.
-Cross-site scripting was the most common injection flaw, with seven out of 10 Web applications vulnerable to this type of attack.
- Roughly two in every 10 applications were found to be vulnerable to SQL injection attacks.
- Approximately 50 percent of all applications failed to properly implement structured exception handling.
- More than 70 percent of all Web forms analyzed were vulnerable to cross-fame scripting attacks.
In this study, Cenzic identified 1,561 unique vulnerabilities during the first quarter of 2007. Of the reported vulnerabilities, file inclusion, SQL injection, cross-site scripting and directory traversal were the most prevalent, totaling 63 percent. The majority of vulnerabilities affected Web servers, Web applications and Web browsers, with Cenzic classifying the bulk as easily exploitable.
Top Ten Vulnerabilities in Commercial and Open Source Web Applications from Q1 2007:
- Adobe Acrobat Reader Cross-Site Scripting and Code Execution Several vulnerabilities were reported, including the ability for a remote user to cause arbitrary code to execute on the target user's system as well as conduct cross-site scripting attacks.
- Google Desktop Cross-Site Scripting Multiple vulnerabilities were discovered in Google Desktop that permit a remote attacker to conduct cross-site scripting attacks, allowing access to data on the user's system.
- IBM Websphere HTTP Response Splitting Versions of IBM Websphere are vulnerable to HTTP Response splitting attacks, leaving open the possibility of poison Web caches, spoof content or conduct cross-site scripting attacks.
- Lotus Domino Web Access Cross-Site Scripting - The Active Content Filter feature failed to properly filter script code from user-supplied input within e-mail messages prior to displaying those messages to the user. As a result, a remote attacker could cause arbitrary script code to execute in a victim's browser by sending a maliciously crafted e-mail message.
- PHP Nested Array Denial of Service In PHP processing, a recursion bug of deeply nested arrays can allow a remote attacker to conduct a denial of service attack against PHP installations, which could lead to a server crash.
- PHP Multiple Buffer Overflows and Denial of Service Multiple vulnerabilities included several severe vulnerabilities that could allow a remote attacker to execute arbitrary code on affected servers.
- IBM Rational ClearQuest Cross-Site Scripting A cross-site scripting vulnerability in IBM Rational ClearQuest Web 7.0.0.0 allows remote attackers to inject arbitrary script code via an attachment to defect log submission.
- Sun Java Access Manager Multiple Vulnerabilities Multiple cross-site scripting vulnerabilities were reported in the Sun Java Access Manager allowing remote hackers the ability to inject HTML as well as other forms of script code and perform privilege escalation via session cookie theft as well as various content spoofing and other browser-based attacks.
- Apache Tomcat Buffer Overflow A buffer overflow in the Apache Tomcat JK Web Server Connector allows a remote attacker to execute code on any server running a vulnerable version of Apache Tomcat.
- BEA WebLogic Buffer Overflow and Multiple Vulnerabilities Multiple vulnerabilities were discovered, ranging from remote code execution via buffer overflows through various denial of service and information disclosure attacks.
As part of the study, Cenzic incorporated findings from Cenzic ClickToSecure, their leading-edge security assessment and penetration testing service (SaaS), and research from Cenzic Intelligent Analysis (CIA) Labs. Some of the key findings from include:
- More than seven of 10 analyzed Web applications engaged in insecure communication practices that could potentially lead to the exposure of sensitive or confidential user information during transactions.
- Architectural flaws, design flaws and insecure application configurations are still common culprits in the exposure of sensitive user information.
-Cross-site scripting was the most common injection flaw, with seven out of 10 Web applications vulnerable to this type of attack.
- Roughly two in every 10 applications were found to be vulnerable to SQL injection attacks.
- Approximately 50 percent of all applications failed to properly implement structured exception handling.
- More than 70 percent of all Web forms analyzed were vulnerable to cross-fame scripting attacks.
Spotlight
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Is Microsoft is reading your Skype communications?
Posted on 15 May 2013. | The question of whether Skype allows U.S. intelligence and law enforcement agencies to access the communications exchanged by its users has still not been adequately answered by Microsoft.
Internet Explorer best at blocking malware
Posted on 14 May 2013. | While Chromes malware download protection improved significantly, Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%.
Researcher refuses to help Saudi telco to spy on people
Posted on 14 May 2013. | You would think that a Saudi Arabian telecom firm interested in monitoring its users' mobile communications would not be asking a well-known pro-privacy researcher for help, but you would be wrong.
Malicious browser extensions are hijacking Facebook accounts
Posted on 13 May 2013. | Facebook users - especially those in Brazil - are being targeted with malicious browser extensions trying to hijack Facebook profiles, warns Microsoft.
Daily digest
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
Weekly newsletter
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
