Top Five Web Application Vulnerabilities 5/26/08 - 6/08/08

1) Apache Tomcat Host Manager Cross-Site Scripting Vulnerability

Apache Tomcat Host Manager is susceptible to Cross-Site Scripting. If exploited, this vulnerability could give an attacker the means to perform account hijacking, execute malicious scripts, or steal proprietary information. A fix is available in the SVN repository. Contact the vendor for more information.

http://www.securityfocus.com/bid/29502

2) Sun Java System Web Server Advanced Search Mechanism Cross-Site Scripting Vulnerability

Sun Java System Web Server is susceptible to Cross-Site Scripting. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. Fixes which resolve this issue have been released. Contact the vendor for additional information.

http://www.securityfocus.com/bid/29355

3) Xerox DocuShare Multiple Cross-Site Scripting Vulnerabilities

Xerox DocuShare is susceptible to multiple instances of Cross-Site Scripting. If successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. A vendor-supplied patch has not yet been released. Contact the vendor for additional details.

http://www.securityfocus.com/bid/29430

4) Mambo Multiple Vulnerabilities

Mambo (prior to 4.6.4) is susceptible to multiple vulnerabilities including SQL Injection and HTTP Response Splitting. SQL Injection can give an attacker full access to a backend database, and in certain circumstances can be used to take complete control of a system. HTTP Response Splitting can be used to break responses into multiple parts and conduct other types of attacks, including Cross-Site Scripting and web cache poisoning. These issues have been resolved in Mambo 4.6.4. Contact the vendor for more details.

http://www.securityfocus.com/bid/29373

5) Sun Java ASP Server Multiple Directory Traversal Vulnerabilities

Sun Java ASP Server is susceptible to multiple directory traversal vulnerabilities. Successful exploitation would give an attacker the means to view or delete arbitrary files with the privileges of the web server process. Information gained through these methods would likely lead to more damaging attacks. Fixes which resolve these vulnerabilities have been released. Contact the vendor for more details.

http://www.securityfocus.com/bid/29538

Posted 06-10-2008 2:13 PM by mark.painter