Top Five Web Application Vulnerabilities 5/07/07 - 5/20/07

1) Multiple BEA WebLogic Applications Multiple Vulnerabilities

Multiple BEA WebLogic applications are susceptible to a number of vulnerabilities including Cross-Site Scripting, HTML injection, information disclosure, denial-of-service and brute force attacks, directory traversal, and security bypass issues. Successful attacks could lead to a complete compromise of the affected system, theft of authentication credentials, or disclosure of information which could be utilized in conducting more dangerous attacks. A patch which resolves these issues has been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/23979

2) Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities

The Apache Tomcat documentation web application includes a sample application which is prone to multiple instances of Cross-Site Scripting. If successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. Fixes which address these issues have been released. Contact the vendor for further details.

http://www.securityfocus.com/bid/24058

3) Microsoft SharePoint Server Cross-Site Scripting Vulnerability

Microsoft SharePoint Server is susceptible to a Cross-Site Scripting vulnerability. If successful, Cross-Site Scripting vulnerabilities can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. Although unverified as of publication, it is possible that this issue only affects the SharePoint test server. A fix has not yet been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/23832

4) Novell GroupWise Mobile Server Multiple Vulnerabilities

Novell GroupWise Mobile Server, when powered by Nokia Intellisync Mobile Suite, is susceptible to multiple vulnerabilities including Cross-Site Scripting and denial-of-service attacks. Successful exploitation may give an attacker the means to obtain sensitive information including authentication credentials or deny access to legitimate users. A fix has not yet been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/23889

5) SquirrelMail Multiple Cross Site Scripting Vulnerabilities

SquirrelMail is susceptible to multiple Cross-Site Scripting vulnerabilities. If exploited, these vulnerabilities could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. A fix which addresses these issues has been released. Contact the vendor for further information.

http://www.securityfocus.com/bid/23910


Posted 05-22-2007 10:52 AM by mark.painter