HP Security Products Blog
From applications to infrastructure, enterprises and governments alike face a constant barrage of digital attacks designed to steal data, cripple networks, damage brands, and perform a host of other malicious intents. HP Enterprise Security Products offers products and services that help organizations meet the security demands of a rapidly changing and more dangerous world. HP ESP enables businesses and institutions to take a proactive approach to security that integrates information correlation, deep application analysis and network-level defense mechanisms—unifying the components of a complete security program and reducing risk across your enterprise. In this blog, we will announce the latest offerings from HP ESP, discuss current trends in vulnerability research and technology, reveal new HP ESP security initiatives and promote our upcoming appearances and speaking engagements.

Top Five Web Application Vulnerabilities 7/20/09- 8/2/09

1) Hitachi Multiple Business Logic Products Unspecified Cross-Site Scripting Vulnerability

Multiple Hitachi Business Logic products are susceptible to a Cross-Site Scripting vulnerability. If successful, Cross-Site Scripting can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. An advisory and updates which address this issue have been released. Contact the vendor for additional information.


2) IBM Tivoli Identity Manager Session Fixation Vulnerability

IBM Tivoli Identity Manager is susceptible to a session fixation vulnerability.  Victims who are enticed into visiting a malicious URI can have their session hijacked and give an attacker unauthorized access to the application. A fix has been released. Contact the vendor for further details.


3) Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability

Apache HTTP Server is susceptible to an HTTP-Basic authentication bypass vulnerability.  Successful exploitation will give an attacker access to protected resources, likely leading to more damaging attacks.  A fix has not yet been released. Contact the vendor more information.


4) WordPress Multiple Cross-Site Scripting Vulnerabilities

WordPress is susceptible to multiple instances of Cross-Site Scripting. These vulnerabilities can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials.   A fix has not yet been released for the 'wp-comments-post.php' issue, while a patch that resolves the Comment Author URI issue is available. Contact the vendor for additional information.


5) Bugzilla 'show_bug.cgi' Information Disclosure Vulnerability

Bugzilla is susceptible to an information disclosure vulnerability. Successful exploitation would give an authenticated attacker access to sensitive information, and would likely lead to more damaging attacks.  A fix has been released. Contact the vendor for more details.


Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Showing results for 
Search instead for 
Do you mean 
About the Author
Top Kudoed Posts

Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.