1) Sun Java System Identity Manager Multiple Vulnerabilities
Sun Java System Identity Manager is susceptible to multiple vulnerabilities, including Cross-Site Scripting, information disclosure, and privilege escalation. Successful exploitation could give an attacker the means to steal cookie-based authentication credentials, perform unauthorized actions, or gain unauthorized access to the affected application. An advisory and updates that resolve these issues have been released. Contact the vendor for further details.
http://www.securityfocus.com/bid/34191
2) Sun Management Center Performance Reporting Module Cross-Site Scripting Vulnerability
The Sun Management Center Performance Reporting module is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. Fixes that address this vulnerability have been released. Contact the vendor for additional information.
http://www.securityfocus.com/bid/33999
3) IBM WebSphere Application Server WAR File Information Disclosure Vulnerability
IBM WebSphere Application Server is susceptible to an information disclosure vulnerability. Successful exploitation would give an attacker unauthorized access to sensitive information that could be used to escalate the attack and conduct more dangerous attacks. Fixes that address this vulnerability have been released. Contact the vendor for more details.
http://www.securityfocus.com/bid/34104
4) JBoss Enterprise Application Platform Arbitrary XML File Information Disclosure Vulnerability
JBoss Enterprise Application Platform is susceptible to an arbitrary XML file information disclosure vulnerability. Remote attackers can leverage this vulnerability to obtain arbitrary XML files with the permissions of the EAP process. This would likely aid in the orchestration of more damaging attacks. Updates that address this issue have been released. Contact the vendor for further information.
http://www.securityfocus.com/bid/34023
5) WordPress MU 'wp-includes/wpmu-functions.php' Cross-Site Scripting Vulnerability
WordPress MU is susceptible to a Cross-Site Scripting vulnerability. Cross-Site Scripting occurs when dynamically generated web pages display user input, such as login information, that is not properly validated, allowing an attacker to embed malicious scripts into the generated page and have them execute in the browser of any user who views the site. A new version (WordPress MU 2.7) that addresses this vulnerability has been released. Contact the vendor for more details.
http://www.securityfocus.com/bid/34075
Posted 03-23-2009 8:27 PM by mark.painter