Top 10 Web application vulnerabilities
Cenzic, a provider of Web application security vulnerability assessment and risk management solutions, has released their Web Application Security Trends Report – Q1-Q2, 2009.
Among the findings of the report, Cenzic classified the following Web application hacking vulnerabilities as the most severe during the first half of 2009. In no particular order, they are as follows:
phpMyAdmin Configuration File PHP Code Injection: Allows remote attackers to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may compromise the application and the underlying system, and open the system to further attacks.
SAP cFolders Cross Site Scripting and HTML Injection: SAP cFolders are prone to multiple cross-site scripting and HTML-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
Sun Java System Access Manager Cross-Domain Controller (CDC) Cross Site Scripting; Citrix Web Interface Unspecified Cross-Site Scripting; Sun Java System Web Server Reverse Proxy Plug-in Cross-Site Scripting; F5 Networks FirePass SSL VPN ‘password’ Field Cross-Site Scripting:
These systems are prone to cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied data. An attacker may exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness: Apache Tomcat is prone to a username-enumeration weakness because it displays different responses to login attempts, depending on whether or not the username exists. Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.
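The weakness described above is a behavioural one: the login code answers differently when the username does not exist than when the password is wrong. The following Python example (added here; it is not Tomcat code and not part of the Cenzic report) shows the enumerable pattern beside a hardened one that returns a single generic failure message and performs the same password-hashing work on both failure paths, plus a small check a tester can run against either handler. The user store, salts and passwords are constructed sample values.

```python
import hashlib
import hmac


def _hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-SHA256 password hash (constructed example parameters)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample user store: username -> (salt, stored hash).
_SALT_ALICE = b"constructed-salt-alice"
USERS = {"alice": (_SALT_ALICE, _hash("correct horse battery staple", _SALT_ALICE))}

# Dummy credential verified whenever the username is unknown, so the unknown-user
# path costs the same hashing work as the wrong-password path.
_DUMMY_SALT = b"constructed-dummy-salt"
_DUMMY_HASH = _hash("constructed-dummy-password", _DUMMY_SALT)

GENERIC_FAILURE = "Invalid username or password"


def login_enumerable(username: str, password: str) -> tuple[bool, str]:
    """Weak pattern: the failure message reveals whether the username exists."""
    record = USERS.get(username)
    if record is None:
        return False, "Unknown username"
    salt, stored = record
    if hmac.compare_digest(_hash(password, salt), stored):
        return True, "Login successful"
    return False, "Incorrect password"


def login_uniform(username: str, password: str) -> tuple[bool, str]:
    """Hardened pattern: one failure message, same hashing work on every path."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    # Always compute the hash and always run the constant-time comparison, even
    # for unknown users, so response timing does not distinguish the two cases.
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if matches and username in USERS:
        return True, "Login successful"
    return False, GENERIC_FAILURE


def leaks_user_existence(handler) -> bool:
    """Tester's check: do 'unknown user' and 'wrong password' produce different responses?"""
    _, msg_unknown = handler("mallory", "any password")   # constructed unknown user
    _, msg_wrong = handler("alice", "wrong password")     # known user, bad password
    return msg_unknown != msg_wrong


if __name__ == "__main__":
    print("enumerable handler leaks:", leaks_user_existence(login_enumerable))
    print("uniform handler leaks:", leaks_user_existence(login_uniform))
```

Message text is only half of the story: response length, status code, redirect target and timing can all act as the "different response", so the check above is a starting point and a real review compares the full HTTP response for both failure cases.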
phpMyAdmin ‘setup.php’ PHP Code Injection Vulnerability: phpMyAdmin is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
Multiple Symantec Products Script Injection Vulnerabilities: Multiple Symantec products are prone to multiple script-injection vulnerabilities because the applications fail to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
IBM Tivoli Identity Manager Cross Site Scripting Vulnerabilities: Tivoli Identity Manager is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
Attacker-supplied HTML or JavaScript code could run in an administrator’s browser session in the context of the affected site. This could potentially allow the attacker to steal cookie-based authentication credentials; other attacks are also possible.
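Every cross-site scripting and HTML-injection entry above has the same root cause: user-supplied data is placed into a page without being encoded for the context it lands in. The Python example below (added here; it is not code from any of the products named and not part of the report) contrasts a rendering function that concatenates input straight into HTML with one that encodes it for element content and attribute values, shows the separate encoding needed when a value is handed to a script block, and includes a simple check for whether markup from the input survives into the output. The payload strings are constructed test markers.

```python
import html
import json

# Constructed sample inputs of the kind a reflected parameter or stored profile field might carry.
TAG_PAYLOAD = "<script>alert(1)</script>"        # breaks out of element content
ATTR_PAYLOAD = '" onfocus="alert(1)'             # breaks out of a quoted attribute


def render_profile_vulnerable(display_name: str) -> str:
    """Weak pattern: user data is interpolated into HTML without encoding."""
    return f'<p>Welcome, {display_name}</p><input name="dn" value="{display_name}">'


def render_profile_hardened(display_name: str) -> str:
    """Hardened pattern: encode & < > " ' so the value is inert in both
    element content and a double-quoted attribute."""
    safe = html.escape(display_name, quote=True)
    return f'<p>Welcome, {safe}</p><input name="dn" value="{safe}">'


def render_js_data_hardened(display_name: str) -> str:
    """Script context needs its own encoding: JSON-encode the value and neutralise
    any '</' so the browser cannot see a premature closing </script> tag."""
    encoded = json.dumps(display_name).replace("</", "<\\/")
    return f"<script>var displayName = {encoded};</script>"


def markup_survives(fragment: str, user_value: str) -> bool:
    """Heuristic check: an input containing markup characters appears verbatim in the output."""
    has_markup = any(ch in user_value for ch in '<>"\'')
    return has_markup and user_value in fragment


if __name__ == "__main__":
    for payload in (TAG_PAYLOAD, ATTR_PAYLOAD):
        print("vulnerable leaks markup:", markup_survives(render_profile_vulnerable(payload), payload))
        print("hardened leaks markup:  ", markup_survives(render_profile_hardened(payload), payload))
```

The point the three renderers make is that "sanitizing" is context-dependent: HTML entity encoding protects element content and quoted attributes, but a value dropped into a script block, a URL or a CSS property needs the encoding of that context instead. Template engines with auto-escaping enabled handle the HTML case by default, and a review should look for places where that escaping is switched off.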
Other key findings
- Looking at the various classes of vulnerabilities, SQL Injection and Cross Site Scripting (XSS) vulnerabilities continued to dominate with 25% and 17% respectively.
- Authorization and Authentication vulnerabilities were higher at about 14% of total Web vulnerabilities, followed by Directory Traversal at 12%.
- Sun Java, PHP, and Apache continue to be among the top 10 vendors having the most severe vulnerabilities for the first half of 2009.