Top Five Web Application Vulnerabilities 3/12/07 - 3/25/07 - Top Web Vulnerabilities -
Top Web Vulnerabilities » Top Five Web Application Vulnerabilities 3/12/07 - 3/25/07
Top Five Web Application Vulnerabilities 3/12/07 - 3/25/07

1) Oracle Application Server DMS Cross Site Scripting Vulnerability

Oracle Application Server is susceptible to a Cross-Site Scripting vulnerability. Cross-Site Scripting vulnerabilities can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. A fix has not yet been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/23102

2) Oracle Portal P_OldURL Parameter Cross-Site Scripting Vulnerability

Oracle Portal is susceptible to a Cross-Site Scripting vulnerability. If successfully exploited, this vulnerability could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. A fix has not yet been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/22999


3) Multiple Cisco Products Online Help Cross Site Scripting Vulnerability

Multiple Cisco products contain a Cross-Site Scripting vulnerability in their online help. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. An advisory which addresses this issue has been released. Contact the vendor for more details.

http://www.securityfocus.com/bid/22982


4) IBM WebSphere Application Server Source Code Disclosure Vulnerability

IBM WebSphere Application Server is susceptible to a source code-disclosure vulnerability. A remote attacker can obtain potentially sensitive JSP source code by submitting malformed HTTP requests to the server. This would likely expose sensitive information which would lead to further attacks being conducted. A fix has been released. Contact the vendor for further information.

 

http://www.securityfocus.com/bid/22991/


5) Apache HTTP Server Tomcat Directory Traversal Vulnerability

Apache HTTP servers running with the Tomcat servlet container are susceptible to a directory-traversal vulnerability that will allow a remote attacker to access arbitrary files in the Tomcat webroot. This would likely expose sensitive information which would lead to further attacks being conducted. Fixes which address this issue have been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/22960




Posted 03-27-2007 5:01 PM by mark.painter
Privacy Statement
Powered by Community Server (Non-Commercial Edition), by Telligent Systems