Web Applications
____________________________________________________________________________
Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.
____________________________________________________________________________
An advisory by EnableSecurity.
Trustwave published a joint advisory named TWSL2009-001
ID: ES-20090500
Severity : High
Local/Remote : Remote
[Vulnerability Details]
ModSecurity is an open source web application firewall which runs as an Apache
module. It has a comprehensive set of rules called 'ModSecurity Core Rules'
for common web application attacks like SQL Injection, Cross-Site Scripting etc.
It is possible to bypass the ModSecurity Core Rules due to the
Introduction:
=============
The Barracuda Web Application Firewall provides superior protection against hackers’ attempts to exploit vulnerabilities
in Web sites or Web applications to steal data, cause denial of service or deface Web sites. By integrating application
delivery capabilities, the Barracuda Web Application Firewall is an affordable and comprehensive application firewall
that can secure Web applications, as well as increase their performance and availability.
Trustwave's SpiderLabs Security Advisory TWSL2011-006:
IBM Web Application Firewall Bypass
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-006.txt
Published: 2011-06-21
Version: 1.0
Vendor: IBM
Product: IBM Web Application Firewall
(sorry for the spam and for receiving multiple copies of this)
Best regards,
2nd. OWASP Ibero-American Web-Applications Security conference 2010 (IBWAS’10)
ISCTE – Lisbon University Institute
25th – 26th November 2010
Lisboa, Portugal
http://www.ibwas.com
http://rgaucher.info
CSS10-01: Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability
April 5, 2010
BACKGROUND
==========
The Imperva SecureSphere Web Application Firewall protects web
applications and sensitive data against sophisticated attacks and
brute force attacks, stops online identity theft, and prevents data
leaks from applications. The Imperva SecureSphere Database Firewall
monitors and proactively protects databases from internal abuse,
Introduction
Internet security threats are migrating from pure network-level attacks
to web server and web application attacks. The web application itself
has become the new security perimeter, and is wide open to the new
generation of attacks. That's the reason why it is very important for IT
security staff to have cutting-edge knowledge of web application
security vulnerability testing techniques and tools.
Security Advisory
---------------------------------------
Vulnerable Software: Artofdefence Hyperguard Web Application Firewall
Vulnerable Version: 3 branches: prior to 3.1.1-11637; prior to
3.0.3-11636; prior to 2.5.5-11635 (Apache Plug-in)
Homepage: http://www.artofdefence.com/
Found by: Michael Kirchner, Wolfgang Neudorfer,
Lukas Nothdurfter (Team h4ck!nb3rg)
Impact: Remote Denial of Service
Security Advisory
---------------------------------------
Vulnerable Software: phion airlock Web Application Firewall
Vulnerable Version: 4.1-10.41
Homepage: http://www.phion.com/
Found by: Michael Kirchner, Wolfgang Neudorfer,
Lukas Nothdurfter (Team h4ck!nb3rg)
Impact: Remote Denial of Service via Management
Interface (unauthenticated) and Command Execution
List,
Moth is a VMware image with a set of vulnerable Web Applications and
scripts, that you may use for:
- Testing Web Application Security Scanners
- Testing Static Code Analysis tools (SCA)
- Giving an introductory course to Web Application Security
The motivation for creating this tool came after reading
"anantasec-report.pdf" which is included in the release file which you
Security Advisory
---------------------------------------
Vulnerable Software: radware AppWall Web Application Firewall
Vulnerable Version: Gateway Version 4.6.0.2 / AppWall Version
1.0.2.6
Homepage: http://www.radware.com/
Found by: Michael Kirchner, Wolfgang Neudorfer,
Lukas Nothdurfter (Team h4ck!nb3rg)
Impact: Source code disclosure on management interface
* Software Security: State of the Practice 2008 (Gary McGraw)
Topics
* The OWASP ESAPI project - Dave Wichers
* Trends in Web Hacking Incidents: What's hot for 2008 - Ofer Shezaf
* Evaluation Criteria for Web Application Firewalls - Ivan Ristic
* HTML5 security - Thomas Roessler
* The OWASP Orizon Project internals - Paolo Perego
* Remo presentation (Input Validation) - Christian Folini
* Best Practices Guide: Web Application Firewalls (OWASP German chapter) - Alexander Meisel
of PoC code, discussion of fixes, etc.
___________________________________________________________________________
Overview:
Hash tables are a commonly used data structure in most programming
languages. Web application servers or platforms commonly parse
attacker-controlled POST form data into hash tables automatically, so
that they can be accessed by application developers.
If the language does not provide a randomized hash function or the
application server does not recognize attacks using multi-collisions, an
provide patches for the current vulnerable versions with the 2.7.3
ftf4 release before August, but this release was not confirmed yet
(see the timeline for more details). In the meantime, users can
mitigate these flaws by applying these countermeasures:
1. For [CVE-2010-1929 | 40480], establish a Web Application
Firewall rule for limiting the length of the parameters
'EnteredClassID' and 'NewClassName' in POST requests to the URI
'/nps/servlet/webacc/'.
2. For [CVE-2010-1930 | 40485], establish a Web Application
Firewall rule for limiting the length of the parameter 'Tree' in POST
Introduction:
=============
osCMax is a powerful e-commerce/shopping cart web application. There are many advantages to using osCMax as your
e-commerce/shopping cart for your web site. It has all the features needed to run a successful internet store
and can be customized to whatever configuration you need. osCmax is community developed software that is free,
open source and hosted on your own web server. It is easy enough to use for small startup stores and feature
rich to support very large operations that need more advanced eCommerce features. There are no artificial limits
placed on the feature set, amount of products or sales amounts which is commonly seen with paid or
Tomcat 6.0.0 to 6.0.32
Tomcat 5.5.0 to 5.0.33
Previous, unsupported versions may be affected
Additionally, these vulnerabilities only occur when all of the following
are true:
a) untrusted web applications are being used
b) the SecurityManager is used to limit the untrusted web applications
c) the HTTP NIO or HTTP APR connector is used
d) sendfile is enabled for the connector (this is the default)
Description:
7. *Technical Description / Proof of Concept Code*
Cross-Site Scripting (commonly referred to as XSS) bugs arise from a web
application's improper encoding or filtering of input obtained from
untrusted sources. These bugs allow an attacker to inject malicious tags
and/or script code that is later executed in the context of a web
browser when the user accesses the vulnerable web site. The injected
code then takes advantage of the trust relationship between the web
browser and the vulnerable web application. Attacks that exploit XSS
Advisory Reference : NS-11-008
Description
------------------
Symphony is a web-based content management system (CMS) that enables
users to create and manage websites and web applications of all shapes
and sizes—from the simplest of blogs to bustling news sites and
feature-packed social networks.
Details
-------------------
> It's the impact of something that makes it a vulnerability no the
> name.
>
>
> GE> Alex Roichman wrote:
>>> Checkmarx Research Lab presents a new attack vector on Web applications. By
>>> exploiting the Regular Expression Denial of Service (ReDoS) vulnerability an
>>> attacker can make a Web application unavailable to its intended users. ReDoS
>>> is commonly known as a “bug” in systems, but Alex Roichman and Adar Weidman
>>> from Checkmarx show how serious it is and how using this technique, various
>>> applications can be “ReDoSed”. These include, among others, Server-side of
• Game Consoles
Web 2.0
• Web services
• PHP
• .Net
• Web applications
Networking/Telecommunication
• VoIP
• 3G/3.5G network
• IPv6
• WLAN/WiFi
It is in any case not possible to execute code directly using this
vulnerability, as null pointer dereferences in the first page are not
exploitable under modern OSes.
But, if a given third party perl web application was calling one
of the above listed vulnerable functions in a way allowing
parameter injections, while performing a critical operation
requiring some degree of atomicity, it would be possible to
interrupt the execution of this operation before it completes,
hence breaking the business logic assumptions of the web
Description
-----------------------------------
TWiki® is a flexible, powerful, and easy to use enterprise wiki,
enterprise collaboration platform, and web application platform. It is
a Structured Wiki, typically used to run a project development space,
a document management system, a knowledge base, or any other groupware
tool, on an intranet, extranet or the Internet.
############################################################
Microsoft IIS 0Day Vulnerability in Parsing Files (semi-colon bug)
############################################################
#Application: Microsoft Internet Information Services - IIS (All versions)
#Impact: Highly Critical for Web Applications
#Finding Date: April 2007
#Report Date: Dec. 2009
#Found by: Soroush Dalili (Irsdl {4t] yahoo [d0t} com)
#Website: Soroush.SecProject.com
#Weblog: Soroush.SecProject.com/blog/
1. Impact on Business
=====================
By exploiting this vulnerability, an internal or external attacker would be able to execute arbitrary remote commands over vulnerable SAP Web Application
Servers, taking complete control of the SAP system.
With these privileges, he would be able to obtain, create, modify and/or delete any business related information stored in the vulnerable SAP system.
- - Risk Level: High
Researcher : Mesut Timur <mesut [at] mavitunasecurity [dot] com>
Advisory Reference : NS-11-004
Description
------------------
Redmine is a flexible project management web application written using
Ruby on Rails framework.
Details
-------------------
Redmine is affected by an XSS vulnerability in versions from 1.0.1 to 1.1.1.
Because other computers are unable to solve the Captcha, any user
entering a correct solution is presumed to be human.
There are a lot of Captcha implementations out there, written in JSP,
PHP, ASP, .NET which are very poorly implemented and introduce serious
bugs in Web applications they are supposed to protect.
We developed 10 different Captcha implementations, each with its own
weakness, for participants to break using automation and hacking
techniques with the objective of bypassing the human verification process.
renders the XSS protection for the time parameter ineffective. An
attacker can therefore perform an XSS attack using the time attribute.
Mitigation:
6.0.x users should do one of the following:
- remove the examples web application
- apply this patch http://svn.apache.org/viewvc?rev=750924&view=rev
- upgrade to 6.0.19 when released
5.5.x users should do one of the following:
- remove the examples web application
- apply this patch http://svn.apache.org/viewvc?rev=750928&view=rev