1) IBM BladeCenter Advanced Management Module Multiple Remote Vulnerabilities
The IBM BladeCenter Advanced Management Module is susceptible to several vulnerabilities including Cross-Site Scripting, HTML Injection, information disclosure, and Cross-Site Request Forgery. Successful exploitation could give an attacker the means to access sensitive information, steal cookie-based authentication credentials, and perform actions as an authenticated user. Updates which resolve these issues are available. Contact the vendor for additional information.
http://www.securityfocus.com/bid/34447
2) IBM WebSphere Application Server for z/OS Multiple Vulnerabilities
IBM WebSphere Application Server for z/OS is susceptible to Cross-Site Scripting and a file permissions vulnerability. An attacker can leverage Cross-Site Scripting to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. The file permissions vulnerability can be exploited to gain write access to certain files, which could affect the integrity of the system and lead to other, more damaging attacks. Fixes which address these vulnerabilities have been released. Contact the vendor for more information.
http://www.securityfocus.com/bid/34259
3) SAP MaxDB 'webdbm' Multiple Cross Site Scripting Vulnerabilities
SAP MaxDB is susceptible to multiple instances of Cross-Site Scripting. Cross-Site Scripting occurs when dynamically generated web pages display user input, such as login information, that is not properly validated. This allows an attacker to embed malicious scripts into the generated page, which then execute on the machine of any user who views the site. The vendor has reportedly released a replacement for the vulnerable process. Contact the vendor for further details.
http://www.securityfocus.com/bid/34319
4) Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
The Apache 'mod_perl' module is susceptible to a Cross-Site Scripting vulnerability. Successful exploitation can give an attacker the means to steal cookie-based authentication credentials and execute code in the browsers of unsuspecting users. The vendor has released a fix through the SVN repository. Contact the vendor for more information.
http://www.securityfocus.com/bid/34383
5) Sun Java System Calendar Server Multiple Cross Site Scripting Vulnerabilities
Sun Java System Calendar Server is susceptible to multiple instances of Cross-Site Scripting. These vulnerabilities can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials. Fixes which address these vulnerabilities have been released. Contact the vendor for additional details.
http://www.securityfocus.com/bid/34153
http://www.securityfocus.com/bid/34152
Posted 04-13-2009 8:17 PM by mark.painter