Top Five Web Application Vulnerabilities 4/14/08 - 4/27/08

Published 28 April 08 04:08 PM | mep 

1) IBM Lotus Expeditor URI Handler Command Execution Vulnerability

IBM Lotus Expeditor is susceptible to a remote command-execution vulnerability because user-supplied input is not properly sanitized. Attackers who successfully exploit this issue can execute arbitrary commands in the context of victims who follow malicious URIs. A fix has not yet been released. Contact IBM for more information.

http://www.securityfocus.com/bid/28926

2) F5 Networks FirePass 4100 SSL VPN 'installControl.php3' Cross-Site Scripting Vulnerability

F5 Networks FirePass 4100 SSL VPN is susceptible to a Cross-Site Scripting vulnerability. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. An update which resolves this vulnerability has been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/28902

3) HP OpenView Network Node Manager Running Apache Multiple Vulnerabilities

HP OpenView Network Node Manager, when running Apache, is affected by multiple vulnerabilities including Cross-Site Scripting and Denial-of-Service attacks. If successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, possibly lead to execution of arbitrary code in the browser of unsuspecting users, and be used to deny access to legitimate users. Patches which resolve these issues have been released. Contact the vendor for more details.

http://www.securityfocus.com/archive/1/491026

4) Novell GroupWise HTML Injection and Denial-of-Service Vulnerabilities

Novell GroupWise is susceptible to HTML Injection and Denial-of-Service vulnerabilities. HTML Injection can be leveraged to add content into a web server’s response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in the context of the site, or simply alter how the site appears. Denial-of-Service attacks can be exploited to crash the application and deny access to legitimate users. A fix has not yet been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/28944
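Items 2, 3 and 4 share one root cause: user-supplied text reaches the web server's response without being encoded for the context it lands in. The following is an added illustration, not code from any of the vendors above, showing the injectable pattern next to the hardened form. The profile-rendering function, the sample field values and the allow-list of URL schemes are constructed for the example.

```python
import html
from urllib.parse import urlparse

# Constructed sample input standing in for an attacker-controlled profile field.
UNTRUSTED_NAME = '<script>alert(1)</script>'
UNTRUSTED_URL = 'javascript:alert(1)'


def render_profile_unsafe(display_name: str, homepage: str) -> str:
    """The injectable pattern: untrusted text is concatenated straight into
    the response, so markup in the input becomes markup in the page."""
    return ('<p>Welcome, <span class="name">%s</span>! '
            '<a href="%s">Homepage</a></p>' % (display_name, homepage))


def escape_text(value: str) -> str:
    """Encode the HTML metacharacters (& < > " ') so input can neither close
    the current element nor open a new one. Correct for body text and for
    values placed inside a quoted attribute."""
    return html.escape(str(value), quote=True)


def safe_href(value: str) -> str:
    """Escaping alone is not enough inside href: 'javascript:' needs no angle
    brackets. Allow only http(s) or relative URLs, and refuse anything that
    carries ASCII control characters or spaces, which browsers strip while
    parsing a scheme (so 'java<TAB>script:' would still execute)."""
    if any(ord(c) <= 0x20 or ord(c) == 0x7f for c in value):
        return '#'
    scheme = urlparse(value).scheme.lower()
    if scheme and scheme not in ('http', 'https'):
        return '#'
    return html.escape(value, quote=True)


def render_profile_safe(display_name: str, homepage: str) -> str:
    """Hardened form: every untrusted value is encoded for the context it
    lands in before being placed into the response."""
    return ('<p>Welcome, <span class="name">%s</span>! '
            '<a href="%s">Homepage</a></p>'
            % (escape_text(display_name), safe_href(homepage)))


def contains_live_markup(fragment: str, untrusted: str) -> bool:
    """Regression check for a response builder: does the raw untrusted
    string survive into the output unencoded?"""
    return untrusted in fragment


if __name__ == '__main__':
    print(render_profile_unsafe(UNTRUSTED_NAME, UNTRUSTED_URL))
    print(render_profile_safe(UNTRUSTED_NAME, UNTRUSTED_URL))
```

The point of the two encoders is that the same string needs different treatment depending on where it is written: `escape_text` is sufficient in an element body, while an `href` additionally needs a scheme allow-list because a dangerous URL contains no characters that HTML encoding would touch.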

5) RSA Authentication Agent for Web URI Redirection Vulnerability

RSA Authentication Agent for Web is susceptible to a remote URI-redirection vulnerability because inadequate data sanitization is performed on user-supplied input. Exploitation of this vulnerability could aid in phishing-style attacks. RSA Authentication Agent for Web 5.3.3.378 resolves this issue. Contact the vendor for specific upgrade information.

http://www.securityfocus.com/bid/28907
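A URI-redirection issue of the kind described for item 5 usually comes down to a login or logout handler that forwards the browser to whatever destination a request parameter names. The validator below is an added example, not RSA's code, of the check such a handler should apply before redirecting; the allow-list of hosts, the default landing page and the `choose_redirect` helper are constructed for the illustration.

```python
from urllib.parse import urlparse

# Constructed: hosts this application is allowed to send a browser to after login.
ALLOWED_REDIRECT_HOSTS = {'portal.example.com', 'sso.example.com'}
DEFAULT_LANDING = '/home'


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_REDIRECT_HOSTS) -> bool:
    """Return True only if target stays on an allowed host or is a plain
    same-origin path. Everything else (other hosts, other schemes, browser
    parsing quirks) is rejected."""
    if not target:
        return False
    # Control characters and whitespace are dropped or re-interpreted by
    # browsers while parsing; refuse rather than guess how.
    if any(ord(c) <= 0x20 or ord(c) == 0x7f for c in target):
        return False
    try:
        parsed = urlparse(target)
    except ValueError:  # e.g. malformed IPv6 brackets
        return False
    if parsed.netloc:
        # Absolute or scheme-relative ('//other.host') URL: must be http(s),
        # and the hostname (not the raw netloc, which may carry user@ or a
        # port) must be on the allow list.
        if parsed.scheme.lower() not in ('http', 'https'):
            return False
        return (parsed.hostname or '').lower() in allowed_hosts
    if parsed.scheme:
        # 'javascript:...', 'data:...', or 'https:///x' with an empty authority.
        return False
    # Relative reference: require a single leading '/' so the browser cannot
    # read it as scheme-relative ('//host') or a backslash variant ('/\\host').
    return target.startswith('/') and not target.startswith(('//', '/\\'))


def choose_redirect(requested: str, fallback: str = DEFAULT_LANDING) -> str:
    """What a login handler should do with a 'next'-style parameter: use it
    only when validated, otherwise fall back to a fixed in-application page."""
    return requested if is_safe_redirect(requested) else fallback


if __name__ == '__main__':
    for candidate in ('/account', '//other.example/x',
                      'https://portal.example.com/dash',
                      'https://portal.example.com@other.example/',
                      'javascript:alert(1)'):
        print(candidate, '->', choose_redirect(candidate))
```

Checking `parsed.hostname` rather than the raw string matters: a destination such as `https://portal.example.com@other.example/` begins with the trusted name but is parsed by the browser as a request to the host after the `@`. Falling back to a fixed page rather than raising an error keeps the login flow working for users while removing the attacker-controlled destination.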
