Top Five Web Application Vulnerabilities 6/24/09 - 7/07/09 - The HP Security Laboratory Blog

1) IBM Rational ClearQuest CQWeb Server Cross-Site Scripting and Information Disclosure Vulnerabilities

IBM Rational ClearQuest is susceptible to Cross-Site Scripting and information disclosure vulnerabilities. These can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, execute malicious code on end-user systems, or gain access to sensitive information that could likely be used to conduct more damaging attacks. Updates which address these issues have been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/35490

2) Sun Java Web Console Cross-Site Scripting Vulnerability

Sun Java Web Console is susceptible to a Cross-Site Scripting vulnerability. Cross-Site Scripting can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials. Updates which resolve this issue have been released. Contact the vendor for more details.

http://www.securityfocus.com/bid/35513

3) IBM Tivoli Identity Manager Multiple Cross-Site Scripting Vulnerabilities

IBM Tivoli Identity Manager is susceptible to multiple Cross-Site Scripting vulnerabilities. An attacker can leverage these issues to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. Fixes are available. Contact the vendor for further details.

http://www.securityfocus.com/bid/35566

4) Ruby on Rails 'http_authentication.rb' Nil Credentials Authentication Bypass Vulnerability

Ruby on Rails is susceptible to an authentication bypass vulnerability. An attacker can leverage this vulnerability to gain access to protected resources, likely leading to more damaging attacks. Updates which resolve this vulnerability are available. Contact the vendor for additional details.

http://www.securityfocus.com/bid/35579

5) Sun Java System Access Manager Cross-Domain Controller (CDC) Cross-Site Scripting Vulnerability

Sun Java System Access Manager is susceptible to a Cross-Site Scripting vulnerability. Cross-Site Scripting occurs when dynamically generated web pages display user input, such as login information, that is not properly validated, allowing an attacker to embed malicious scripts into the generated page, which then execute in the browser of any user who views the site. Updates which resolve this issue have been released. Contact the vendor for further information.

http://www.securityfocus.com/bid/35527


Posted 07-08-2009 9:18 PM by mark.painter