web services
How to determine if the installation is affected
Using Windows Explorer, go to the directory
"<D2D_HOME>\TOMCAT\webapps\WebServiceImpl", and look for the existence
of a folder called "axis2-web".
Solution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Onapsis Security Advisory 2010-006: SAP J2EE Web Services Navigator
Cross-Site Scripting
This advisory can be downloaded in PDF format from
http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you
will gain access to beforehand information on upcoming advisories,
1. Integrated Solutions Console XSS vulnerability.
WAS Samples:
2. PlantsByWebSphere Sample multiple XSS vulnerabilities.
3. JAX-WS Web Services MTOM Sample XSS vulnerability.
4. JAX-WS Web Services Ping and Echo Sample multiple XSS vulnerabilities.
5. Dynamic Query - Employee Finder Sample multiple XSS vulnerabilities.
6. Dynamic Query - EJB Data Mediator Service Sample XSS vulnerability.
7. Application Profile - Account Management Sample multiple XSS vulnerabilities.
8. Scheduler Account Report Sample multiple XSS vulnerabilities.
Computer Associates ARCserve D2D r15 Web Service Apache Axis2 World Accessible Servlet
Code Execution Vulnerability PoC
product homepage:
https://support.ca.com/phpdocs/0/8363/support/arcserved2d_support.html
vulnerability:
The Tomcat server, which listens for incoming connections on port 8014,
hosts a world-accessible Apache Axis2 web service with default credentials.
The web service port is also added to the firewall exceptions, allowing all
// Decompiled ARCserve D2D client method: fetches the local host as a trusted
// host through the Axis2 web service client. The excerpt ends inside the catch block.
public TrustHostModel getLocalHost()
    throws BusinessLogicException, ServiceConnectException, ServiceInternalException
{
    try
    {
        // Call into the Axis2-generated stub for the local web service
        TrustedHost trustedhost = getLocalWebServiceClient().getLocalHostAsTrust();
        TrustHostModel trusthostmodel = ConvertToModel(trustedhost);
        return trusthostmodel;
    }
    catch(AxisFault axisfault)
    {
        // remainder of the catch block is not reproduced in this excerpt
    }
}
Information Quality, Technology-Enabled Information, e-Learning,
e-Commerce, e-Business, e-Government, e-Society, System Design and
Security for e-Services, Synchronizing e-Security
5. Multimedia and Web Services
Intelligent Multimedia and its Data Management, Multimedia Information
Systems, Multimedia Security, Web Databases, Web Metrics and its
Applications, Web Mining including Web Intelligence and Web 3.0, Web
Services, XML and other extensible languages, Semantic
===============
1) Introduction
===============
WS_FTP Server Manager (aka WS_FTP WebService) is the web administration
interface of the Ipswitch WS_FTP Server and runs by default on port 80.
#######################################################################
- Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow
- Description
The Check Point Firewall-1 PKI Web Service, running by default on TCP
port 18264, is vulnerable to a remote overflow in the handling of very
long HTTP headers. This was discovered during a pen-test where the
client would not allow further analysis and would not provide the full
product/version info. Initial testing indicates the 'Authorization'
and 'Referer' headers were vulnerable.
Implementations
* Digital Forensics and Crimes
* Biometrics
* Cyber Security
Multimedia and Web Services:
* Intelligent Multimedia and its Data Management
* Multimedia Information Systems
* Multimedia Security
* Web Databases
* Web Metrics and its Applications
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ZDI-12-023 : Total Defense Suite UNC Management Web Service Database
Credentials Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-023
February 8, 2012
-- CVE ID:
* Release date: => [ '24 June 2010' ]
* Impact => [ 'Successful exploitation of this vulnerability may allow an
attacker to hijack a session on the remote administrative interface' ]
Axis2 [1] claims to be a Web Services / SOAP / WSDL engine, the
successor to the widely used Apache Axis SOAP stack. Nowadays, there are
two implementations of the Apache Axis2 Web services engine - Apache
Axis2/Java and Apache Axis2/C.
We have found a Session Fixation Vulnerability [2][3] in Apache Axis2.
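The defect class named in the Axis2 advisory above, shown as an added example (not Apache Axis2 code): a toy in-memory session store that can either keep the pre-login session id after authentication (the fixation condition) or rotate it at the privilege boundary. The user table is constructed for the demonstration.

```python
"""Session fixation: the defect the advisory reports and the standard fix.

Added example, not Apache Axis2 code. With rotate_on_login=False a session id
issued before authentication stays valid after it, so an attacker who planted
that id in the victim's browser ends up holding an authenticated session. With
rotate_on_login=True the server issues a fresh id at login and retires the
planted one.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed credential table for the demo (never store plaintext passwords in real code).
CONSTRUCTED_USERS = {"alice": "correct horse battery staple"}


def check_password(user: str, password: str) -> bool:
    return secrets.compare_digest(CONSTRUCTED_USERS.get(user, ""), password)


@dataclass
class Session:
    user: Optional[str] = None               # None until authenticated
    data: Dict[str, str] = field(default_factory=dict)


class SessionStore:
    def __init__(self, rotate_on_login: bool) -> None:
        self.rotate_on_login = rotate_on_login
        self._sessions: Dict[str, Session] = {}

    def new(self) -> str:
        """Issue an anonymous session id (what a pre-login visit to the site gets)."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session()
        return sid

    def get(self, sid: str) -> Optional[Session]:
        return self._sessions.get(sid)

    def login(self, sid: str, user: str, password: str) -> str:
        """Authenticate the session and return the id the client must use from now on."""
        sess = self._sessions.get(sid)
        if sess is None:
            raise KeyError("unknown session id")
        if not check_password(user, password):
            raise PermissionError("bad credentials")
        if not self.rotate_on_login:
            # Vulnerable behaviour: the pre-authentication id is upgraded in place.
            sess.user = user
            return sid
        # Fix: fresh id at the privilege boundary, state carried over, old id retired.
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = Session(user=user, data=dict(sess.data))
        del self._sessions[sid]
        return new_sid


def fixation_attack_succeeds(store: SessionStore) -> bool:
    """Attacker obtains a sid, the victim logs in with it, attacker checks if that sid is now authenticated."""
    planted = store.new()                                          # attacker's id, planted in victim's browser
    store.login(planted, "alice", "correct horse battery staple")  # victim authenticates using it
    sess = store.get(planted)                                      # attacker presents the planted id
    return sess is not None and sess.user == "alice"
```

The same rotation must also cover cookie-bearing ids supplied by the client that the server has never issued; a store that accepts an unknown id and silently creates a session for it reintroduces the problem.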
This advisory covers a critical security issue that has recently been
fixed in the Bugzilla code:
* Even with account creation disabled, users can use the WebService to
create an account.
We strongly advise that 2.23.x and 3.0.x users upgrade to 3.0.2
immediately. Users of CVS HEAD or 3.1.1 should upgrade to 3.1.2
immediately. This is critical if you have a "requirelogin" installation
ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-126
April 13, 2011
-- CVE ID:
CVE-2011-1654
-- CVSS:
staging-module-installation-and-configuration-guide.pdf
Vulnerability overview/description:
-----------------------------------
The Staging Webservice (normally found in "/sitecore modules/staging/
service/api.asmx"), used for transmitting files between the Sitecore
Master and Slave Server, is vulnerable to authentication bypass. As a
result:
* files can be uploaded to arbitrary directories on the server
* files can be downloaded from arbitrary directories on the server
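The two controls whose absence produces the impact listed above, as an added example that is not Sitecore code: a hypothetical file-transfer service that refuses unauthenticated callers and confines every client-supplied path to its base directory. The API shape, token check and sample paths are all constructed for the demonstration.

```python
"""Confining a file-transfer web service to its staging directory.

Added example, not Sitecore code. The upload/download API and the
token-based authenticator are hypothetical; the point is the two checks:
the caller must be authenticated, and the requested path must resolve
inside the service's base directory.
"""
import os
import pathlib
import tempfile
from typing import Callable, Dict


class Rejected(Exception):
    """Raised for unauthenticated calls and for paths that leave the base directory."""


def resolve_within(base: str, client_path: str) -> pathlib.Path:
    """Map a client-supplied relative path onto base, rejecting anything that escapes it."""
    base_p = pathlib.Path(base).resolve()
    win = pathlib.PureWindowsPath(client_path)
    # Reject absolute paths of either flavour, including drive-qualified ones like C:\...
    if os.path.isabs(client_path) or win.is_absolute() or win.drive or client_path.startswith(("/", "\\")):
        raise Rejected("absolute path not allowed")
    # Normalise separators so 'sub\\..\\x' is checked the same way as 'sub/../x'.
    target = (base_p / client_path.replace("\\", "/")).resolve()
    try:
        target.relative_to(base_p)      # ValueError if target is outside base
    except ValueError:
        raise Rejected("path escapes base directory") from None
    return target


class StagingService:
    def __init__(self, base: str, authenticate: Callable[[str], bool]) -> None:
        self.base = base
        self.authenticate = authenticate

    def _gate(self, token: str, client_path: str) -> pathlib.Path:
        if not self.authenticate(token):
            raise Rejected("unauthenticated")
        return resolve_within(self.base, client_path)

    def upload(self, token: str, client_path: str, data: bytes) -> str:
        target = self._gate(token, client_path)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
        return str(target)

    def download(self, token: str, client_path: str) -> bytes:
        return self._gate(token, client_path).read_bytes()


def demo() -> Dict[str, object]:
    """Exercise the service in a temporary directory with constructed inputs; returns outcomes by label."""
    results: Dict[str, object] = {}
    with tempfile.TemporaryDirectory() as base:
        svc = StagingService(base, authenticate=lambda t: t == "constructed-valid-token")
        svc.upload("constructed-valid-token", "media/item.xml", b"<item/>")
        results["roundtrip"] = svc.download("constructed-valid-token", "media/item.xml")
        for label, path in [("traversal", "../../windows/win.ini"),
                            ("backslash_traversal", "media\\..\\..\\secret.txt"),
                            ("absolute", "/etc/passwd"),
                            ("drive", "C:\\Windows\\win.ini")]:
            try:
                svc.download("constructed-valid-token", path)
                results[label] = "allowed"
            except (Rejected, FileNotFoundError) as err:
                results[label] = type(err).__name__
        try:
            svc.download("wrong-token", "media/item.xml")
            results["unauth"] = "allowed"
        except Rejected:
            results["unauth"] = "Rejected"
    return results
```

Resolving both the base and the target before the containment check is what defeats `..` segments and symlinks; comparing raw strings with `startswith` does not.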
The SAP BusinessObjects product contains a module (dswsbobje.war) which
deploys Axis2 with an administrator account which is configured with a
static password. As a result, anyone with access to the Axis2 port can
gain full access to the machine via arbitrary remote code execution.
This requires the attacker to upload a malicious web service and to
restart the instance of Tomcat. This issue may apply to other products
and vendors that embed the Axis2 component. The username is "admin" and
the password is "axis2", this is also the default for standalone Axis2
installations.
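A checker for the condition described in the SAP BusinessObjects note and in the ARCserve D2D advisory earlier on this page (an Axis2 console reachable over the network that still accepts admin/axis2, plus the on-disk axis2-web folder check), as an added example that is not CA or SAP code. Two things are assumptions not stated on the page: that the Axis2 admin form posts fields named userName and password to <context>/axis2-admin/login, and that a failed login returns a page containing "Invalid auth credentials"; both are my reading of the Axis2 1.x admin webapp and should be confirmed against the target. The fake transport at the bottom is constructed so the logic runs offline.

```python
"""Finding an Axis2 admin console that still takes the stock admin/axis2 login.

Added example, not CA or SAP code. Assumed (not on the page): login form
fields userName/password posted to <context>/axis2-admin/login, and the
string "Invalid auth credentials" on a failed login.
"""
import os
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, List, Optional, Tuple

DEFAULT_AXIS2_CREDS = ("admin", "axis2")   # default for standalone Axis2, as stated in the SAP note
# Context paths named on the page (ARCserve D2D, SAP BusinessObjects) plus the stock Axis2 one.
KNOWN_CONTEXTS = ["/WebServiceImpl", "/dswsbobje", "/axis2"]

# Transport: (url, optional POST body) -> (status, body text). Injectable so the logic runs offline.
Fetch = Callable[[str, Optional[bytes]], Tuple[int, str]]


def http_fetch(url: str, data: Optional[bytes] = None, timeout: float = 5.0) -> Tuple[int, str]:
    headers = {"Content-Type": "application/x-www-form-urlencoded"} if data is not None else {}
    req = urllib.request.Request(url, data=data, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def axis2_console_exposed(base_url: str, context: str, fetch: Fetch) -> bool:
    """axis2-web is the console UI; a 200 on its index means it is reachable from here."""
    status, _ = fetch(f"{base_url}{context}/axis2-web/index.jsp", None)
    return status == 200


def axis2_default_login_works(base_url: str, context: str, fetch: Fetch,
                              creds: Tuple[str, str] = DEFAULT_AXIS2_CREDS) -> bool:
    body = urllib.parse.urlencode({"userName": creds[0], "password": creds[1]}).encode()
    status, text = fetch(f"{base_url}{context}/axis2-admin/login", body)
    return status == 200 and "Invalid auth credentials" not in text


def scan_host(base_url: str, fetch: Fetch = http_fetch,
              contexts: List[str] = KNOWN_CONTEXTS) -> List[Tuple[str, bool]]:
    """Return (context, default_creds_accepted) for every exposed Axis2 console on the host."""
    findings = []
    for ctx in contexts:
        if axis2_console_exposed(base_url, ctx, fetch):
            findings.append((ctx, axis2_default_login_works(base_url, ctx, fetch)))
    return findings


def d2d_locally_affected(d2d_home: str) -> bool:
    """The ARCserve advisory's on-box check: axis2-web present under the D2D web service app?"""
    return os.path.isdir(os.path.join(d2d_home, "TOMCAT", "webapps", "WebServiceImpl", "axis2-web"))


def constructed_fake_fetch(url: str, data: Optional[bytes]) -> Tuple[int, str]:
    """Constructed stand-in for a D2D host on port 8014 with the stock admin password; not a real capture."""
    if url.endswith("/WebServiceImpl/axis2-web/index.jsp"):
        return 200, "<html><title>Axis2 Web Admin</title></html>"
    if url.endswith("/WebServiceImpl/axis2-admin/login"):
        if data == b"userName=admin&password=axis2":
            return 200, "<html>Welcome admin. System Components ...</html>"
        return 200, "<html>Invalid auth credentials!</html>"
    return 404, ""


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:8014"
    for ctx, default_ok in scan_host(target):
        print(f"{target}{ctx}: Axis2 console exposed; default admin/axis2 accepted: {default_ok}")
```

A positive result means anyone on the network can upload a service archive through the console, which is the code-execution path the SAP note describes; the fix is to change the password in axis2.xml or remove the admin console from the deployed webapp, not just to firewall the port.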
Liferay 6.1 json webservices are subject to cross-site request forgery attacks
Description:
Liferay Portal is an enterprise portal written in Java
If a user is currently logged in to the portal (or has ticked the
remember me box) then with a
little help of social engineering (like sending a link via
email/chat), an attacker can read most
* PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
* Implications of, and Technologies for, Lawful Surveillance
* Network Enabled Operations
* Biometrics, National ID Cards, Identity Theft
* Digital forensics
* PST and Web Services / SOA
* Information Filtering, Data Mining & Knowledge from Data
* Privacy, Traceability, and Anonymity
* National Security and Public Safety
* Trust and Reputation in Self-Organizing Environments
* Security Metrics
using the guided form.
+ When using email_in.pl, insufficiently escaped data may be passed to
sendmail.
+ Users using the WebService interface may access Bugzilla's
time-tracking fields even if they normally cannot see them.
We strongly advise that 2.20.x and 2.22.x users should upgrade to 2.20.5
and 2.22.3 respectively. 3.0 users, and users of 2.18.x or below, should
upgrade to 3.0.1.
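The sendmail escaping bug listed for email_in.pl, rendered as an added example in Python (not Bugzilla's Perl code): the interpolating command line that the bug class produces, next to an argv-based invocation that validates the address and never goes through a shell. The address grammar is deliberately strict and is an assumption of this example; the runner stub is constructed so the call can be exercised without an MTA.

```python
"""Passing caller-controlled data to sendmail without a shell.

Added example, not Bugzilla code. ADDR_RE is a strict, deliberately
conservative grammar (an assumption of this example, not RFC 5322).
"""
import re
import subprocess
from types import SimpleNamespace
from typing import Any, Callable, List

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def sendmail_command_unsafe(recipient: str) -> str:
    """Vulnerable pattern: interpolate the recipient into a shell command line.
    Shell metacharacters become extra commands; a leading '-' becomes a sendmail option."""
    return f"/usr/sbin/sendmail -oi {recipient}"


def sendmail_argv(recipient: str) -> List[str]:
    """Hardened pattern: validate, then build an argv vector that never touches a shell."""
    if not ADDR_RE.fullmatch(recipient):
        raise ValueError(f"rejecting recipient {recipient!r}")
    if recipient.startswith("-"):   # unreachable given ADDR_RE, kept as defence in depth
        raise ValueError("recipient must not look like an option")
    return ["/usr/sbin/sendmail", "-oi", recipient]


def send(recipient: str, message: bytes, runner: Callable[..., Any] = subprocess.run) -> int:
    """Invoke sendmail via argv; `runner` is injectable so the path can be tested without an MTA."""
    proc = runner(sendmail_argv(recipient), input=message, check=False)
    return proc.returncode


def constructed_runner(argv: List[str], **kwargs: Any) -> SimpleNamespace:
    """Constructed stand-in for subprocess.run: records argv, reports success."""
    constructed_runner.last_argv = argv          # type: ignore[attr-defined]
    return SimpleNamespace(returncode=0, args=argv)
```

With argv there is no shell to interpret `;`, backticks or `|`, so the regex only has to stop option injection and garbage, not enumerate every metacharacter.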
Trustwave's SpiderLabs Security Advisory TWSL2010-002
Web Service Hijacking in VMware WebAccess
https://www.trustwave.com/spiderlabs/advisories/TWSL2010-002.txt
Published: 2010-03-30 Version: 1.0
Vendor: VMware, Inc (http://www.vmware.com)
Product: VMware VirtualCenter, VMware ESX
Versions affected: VirtualCenter 2.5, 2.0.x, ESX 3.5, ESX 3.0.x
to execute arbitrary code (CVE-2009-1097).
A buffer overflow in GIF images handling allows remote attackers to
execute arbitrary code via a crafted GIF image (CVE-2009-1098).
A flaw in the Java API for XML Web Services (JAX-WS) service endpoint
handling allows remote attackers to cause a denial of service on the
service endpoint's server side (CVE-2009-1101).
A flaw in the Java Runtime Environment Virtual Machine code generation
allows remote attackers to execute arbitrary code via a crafted applet
ApacheCon welcomes submissions for security-focused trainings and
presentations related to the following areas and topics:
* ASF-wide projects such as HTTP Server, Jakarta, Tomcat, Geronimo,
Harmony, SpamAssassin, Portals, and Web Services
* General Web security and secure Web development
* Scripting languages and dynamic content such as Java, Perl,
Python, Ruby, and PHP
* Case studies demonstrating the use of Apache software
It is possible to mitigate the administration interface file access
vulnerability (IronPort Bug 65921) by using the IP address
restriction feature of the administration interface to limit access
to trusted hosts. Access to the administration interface is not
restricted by default. To configure access limits, an administrator
should navigate to "Configuration -> Web Services -> Admin -> Console
Security" area in the Cisco IronPort Encryption Appliance
administration interface.
It is possible to workaround the remote code execution vulnerability
(IronPort Bug 65923) by disabling HTTP Invoker in the Cisco IronPort
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ZDI-12-024 : Total Defense Suite UNC Management Web Service
uncsp_ViewReportsHomepage SQL Injection Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-024
February 8, 2012
-- CVE ID:
<?php
/*
Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration
Web Service getSubKeys() Remote SQL Injection Exploit
tested against:
Microsoft Windows Server 2003 r2 sp2
Microsoft SQL Server 2005 Express
download uri:
*/
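The injection class behind the Nortel getSubKeys() exploit header above and the ZDI-12-024 uncsp_ViewReportsHomepage advisory, as an added example that is not Nortel, CA or ZDI code: a key lookup built by string concatenation next to the same lookup with a bound parameter, run against a constructed in-memory SQLite schema. The table names, rows and the "sub keys of a parent key" shape are assumptions for the demonstration.

```python
"""SQL injection through a web-service parameter: vulnerable and parameterised forms side by side.

Added example, not vendor code. Schema and rows are constructed; getSubKeys
is used only as a label for "children of a parent key".
"""
import sqlite3
from typing import List


def make_db() -> sqlite3.Connection:
    """Constructed registry-like table plus a credentials table an attacker would want to reach."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE registry(parent TEXT, name TEXT);
        CREATE TABLE users(login TEXT, password TEXT);
        INSERT INTO registry VALUES ('HKLM/Software/Vendor', 'Archive'),
                                    ('HKLM/Software/Vendor', 'Recorder'),
                                    ('HKLM/Software/Other',  'Hidden');
        INSERT INTO users VALUES ('svc_admin', 'constructed-secret');
    """)
    return conn


def get_sub_keys_vulnerable(conn: sqlite3.Connection, parent: str) -> List[str]:
    # Concatenation: the caller's text becomes part of the SQL grammar, so a quote
    # closes the literal and whatever follows is executed as SQL.
    sql = "SELECT name FROM registry WHERE parent = '" + parent + "'"
    return [row[0] for row in conn.execute(sql)]


def get_sub_keys_safe(conn: sqlite3.Connection, parent: str) -> List[str]:
    # Bound parameter: the caller's text is only ever a value, never SQL.
    rows = conn.execute("SELECT name FROM registry WHERE parent = ?", (parent,))
    return [row[0] for row in rows]


# Constructed payloads of the two usual shapes: widen the WHERE clause, or UNION in another table.
PAYLOAD_OR = "x' OR '1'='1"
PAYLOAD_UNION = "' UNION SELECT password FROM users--"
```

The SQL Server targets named in the advisories add stacked statements (`'; EXEC ...`) on top of what SQLite shows here, which is why the ZDI advisory rates its finding as code execution rather than data disclosure; the parameterised form closes both.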
- Web Application Security countermeasures
- Web Application Security Testing
- Web Services, XML and Application Security
- Anything else relating to OWASP and Application Security
Application/OS: Microsoft Windows SharePoint Services 2.0
Topic: A stored Cross Site Scripting (XSS) attack is possible
in Microsoft SharePoint Services 2.0 via picture object
source when adding a picture object to a page.
Vendor Status: Not Notified
Attributes: XSS, Web Service, Microsoft Tuesday
Advisory URL: http://www.caughq.org/advisories/CAU-2008-0002.txt
Author/Email: OneIdBeagl3 <oneidbeagl3 (at) caughq.org>
===============/========================================================
Overview