Top Five Web Application Vulnerabilities 8/2/2010 - 8/15/2010

1) HP OpenView Network Node Manager 'OvJavaLocale' Cookie Value Remote Code Execution Vulnerability

HP OpenView Network Node Manager is susceptible to a remote code execution vulnerability because the application fails to properly validate the length of the user-supplied 'OvJavaLocale' cookie value, resulting in a buffer overflow. Successful exploitation would give an attacker the means to run arbitrary code with the privileges of the user running the web server. Updates which resolve this vulnerability are available. Contact the vendor for additional information.

http://www.securityfocus.com/bid/42154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2709

2) IBM WebSphere Service Registry and Repository Multiple Cross-Site Scripting Vulnerabilities

IBM WebSphere Service Registry and Repository is susceptible to multiple Cross-Site Scripting vulnerabilities. These vulnerabilities can be exploited to execute arbitrary script code in the browser of an unsuspecting user, in the context of the affected site, and to steal cookie-based authentication credentials. Updates which resolve these vulnerabilities are available. Contact the vendor for further details.

http://www.securityfocus.com/bid/42281

3) Apache SLMS Insufficient Quoting Cross-Site Request Forgery Vulnerability

Apache SLMS is susceptible to a Cross-Site Request Forgery vulnerability. Cross-Site Request Forgery abuses the trust a web application places in a user's browser: because the browser automatically attaches the user's session cookies to every request it sends to a site, an attacker's page can cause authenticated requests to be sent to a site the user is currently logged in to. The attack can therefore be used to invoke any functionality the target web application exposes to that user. Updates which resolve this vulnerability are available. Contact the vendor for more information.

http://www.securityfocus.com/bid/42121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1325
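The mechanism described above, shown as an added example that is not code from the original post or from the affected project: a minimal state-changing handler that honours any request carrying the session cookie, beside a hardened version that additionally requires a per-session synchronizer token (which a cross-site page cannot read) and rejects requests whose Origin or Referer is not the application's own. The session store, the request shape, the origin https://app.example and the demo user names are all constructed for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict
from urllib.parse import urlsplit

SITE_ORIGIN = "https://app.example"  # assumed origin of the protected application


@dataclass
class Session:
    user: str
    # Per-session secret that the server embeds in its own forms as a hidden field.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Just the parts of an HTTP request the handlers look at."""
    method: str
    cookies: Dict[str, str]
    form: Dict[str, str]
    headers: Dict[str, str] = field(default_factory=dict)


SESSIONS: Dict[str, Session] = {}  # constructed in-memory session store


def login(user: str) -> str:
    """Create a session and return the id that Set-Cookie would hand to the browser."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = Session(user=user)
    return sid


def csrf_token_for(sid: str) -> str:
    return SESSIONS[sid].csrf_token


def same_origin(url: str, expected: str = SITE_ORIGIN) -> bool:
    """True only when scheme and host:port match exactly. A plain prefix check
    would accept https://app.example.attacker.example."""
    a, b = urlsplit(url), urlsplit(expected)
    return a.scheme != "" and (a.scheme, a.netloc) == (b.scheme, b.netloc)


def change_email_vulnerable(req: Request) -> str:
    """Vulnerable: the session cookie alone authorises the change. The browser
    attaches that cookie to a form auto-submitted from attacker.example exactly as
    it would to one the user filled in, so the server cannot tell them apart."""
    sess = SESSIONS.get(req.cookies.get("sid", ""))
    if sess is None:
        return "401 not logged in"
    return f"200 email for {sess.user} changed to {req.form['email']}"


def change_email_hardened(req: Request) -> str:
    """Hardened: state changes need POST, a token bound to the session that only
    same-origin pages can read, and (defence in depth) a matching Origin/Referer."""
    if req.method != "POST":
        return "405 state changes require POST"
    sess = SESSIONS.get(req.cookies.get("sid", ""))
    if sess is None:
        return "401 not logged in"
    # compare_digest keeps comparison time independent of where the tokens differ.
    submitted = req.form.get("csrf_token", "").encode("utf-8", "replace")
    if not hmac.compare_digest(submitted, sess.csrf_token.encode("utf-8")):
        return "403 missing or invalid CSRF token"
    source = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not same_origin(source):
        return "403 cross-origin request rejected"
    return f"200 email for {sess.user} changed to {req.form['email']}"


def demo() -> Dict[str, str]:
    sid = login("alice")
    # Constructed forged request: the attacker's page auto-submits a POST form. The
    # browser adds alice's cookie, but the attacker controls neither token nor Origin.
    forged = Request("POST", {"sid": sid}, {"email": "attacker@evil.example"},
                     {"Origin": "https://attacker.example"})
    legit = Request("POST", {"sid": sid},
                    {"email": "alice@new.example", "csrf_token": csrf_token_for(sid)},
                    {"Origin": SITE_ORIGIN})
    return {
        "vulnerable_forged": change_email_vulnerable(forged),
        "hardened_forged": change_email_hardened(forged),
        "hardened_legit": change_email_hardened(legit),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The token is the primary control; the Origin/Referer comparison is a second layer, since browsers of the period did not all send Origin and some proxies strip Referer, which is why a missing header is treated as a failure rather than a pass.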

4) Adobe ColdFusion CVE-2010-2861 Unspecified Directory Traversal Vulnerability

Adobe ColdFusion is susceptible to a Directory Traversal vulnerability. Successful exploitation would let an attacker read files outside the intended directory and so obtain sensitive information, which could then be used to conduct more damaging attacks. Updates which resolve this vulnerability are available. Contact the vendor for more details.

http://www.securityfocus.com/bid/42342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2861
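A directory traversal of the general kind described above, as an added example that is not code from the original post or from Adobe: a file-serving routine that joins a client-supplied path onto the document root, beside a hardened version that decodes once, canonicalises with realpath and only then checks that the result is still inside the root. The temporary directory tree, the file names (index.html, password.properties) and their contents are constructed for illustration.

```python
import os
import tempfile
from typing import Optional, Tuple
from urllib.parse import unquote


def setup_demo_tree() -> Tuple[str, str]:
    """Constructed fixture: a document root holding one public page, and a
    properties file with a credential one level above the root."""
    base = tempfile.mkdtemp(prefix="traversal-demo-")
    root = os.path.join(base, "public")
    os.makedirs(root)
    with open(os.path.join(root, "index.html"), "w", encoding="utf-8") as f:
        f.write("<h1>public</h1>")
    with open(os.path.join(base, "password.properties"), "w", encoding="utf-8") as f:
        f.write("password=hunter2")
    return root, base


def read_vulnerable(root: str, user_path: str) -> str:
    """Vulnerable: the client-supplied path is URL-decoded and joined to the root
    with no check on where it ends up, so '../password.properties' leaves the root.
    os.path.join also discards the root entirely when the second part is absolute."""
    with open(os.path.join(root, unquote(user_path)), encoding="utf-8") as f:
        return f.read()


def safe_path(root: str, user_path: str) -> Optional[str]:
    """Decode exactly once, canonicalise, then verify containment. Checking the
    canonical result (rather than searching the input for '..') also catches
    symlinks pointing out of the root, absolute paths and encoded separators."""
    decoded = unquote(user_path)
    if "\x00" in decoded:  # a NUL would truncate the name in a C-based server
        return None
    real_root = os.path.realpath(root)
    # Treat backslashes as separators so a Windows-style '..\' cannot slip past,
    # and strip leading separators so the path is always relative to the root.
    relative = decoded.replace("\\", "/").lstrip("/")
    candidate = os.path.realpath(os.path.join(real_root, relative))
    if os.path.commonpath([real_root, candidate]) != real_root:
        return None
    return candidate


def read_hardened(root: str, user_path: str) -> Optional[str]:
    path = safe_path(root, user_path)
    if path is None or not os.path.isfile(path):
        return None
    with open(path, encoding="utf-8") as f:
        return f.read()


if __name__ == "__main__":
    root, _ = setup_demo_tree()
    for p in ["index.html", "../password.properties", "..%2fpassword.properties"]:
        try:
            leaked = read_vulnerable(root, p)
        except OSError as exc:
            leaked = f"error: {exc}"
        print(f"{p!r}: vulnerable -> {leaked!r}, hardened -> {read_hardened(root, p)!r}")
```

The order matters: decoding happens once, before canonicalisation, and the containment test runs on the final path. A check applied to the raw input is what percent-encoded or doubly-encoded separators are designed to slip past.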


5) Bugzilla Multiple Vulnerabilities

Bugzilla is susceptible to multiple vulnerabilities, including a security bypass issue, several information disclosure issues, and multiple denial-of-service issues. Successful exploitation can reveal sensitive information, give malicious users access they should not have, and deny legitimate users access to the application. Updates which resolve these vulnerabilities are available. Contact the vendor for further information.

http://www.securityfocus.com/bid/42275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2759

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation