Top Ten Web Application Vulnerabilities 6/6/2011 - 7/5/2011

1) IBM WebSphere Application Server Administration Console Cross-Site Request Forgery Vulnerability

IBM WebSphere Application Server is susceptible to a Cross-Site Request Forgery vulnerability in its Administration Console. Cross-Site Request Forgery relies on the victim's browser to carry out the attack: the attacker places a link, form or script in a page under their control that sends a request to a site the user is currently logged in to, and because the browser attaches the user's session credentials to that request automatically, it performs seemingly authorized yet malicious actions on the user's behalf. As of this writing a fix has not been released. Contact the vendor for more details.

http://www.securityfocus.com/bid/48305

2) SAP Netweaver Multiple Vulnerabilities

SAP Netweaver is susceptible to multiple vulnerabilities including Cross-Site Scripting, authentication bypass, and information disclosure. An attacker can leverage these vulnerabilities to execute arbitrary script code in the browsers of unsuspecting users and to gain unauthorized access. Updates which resolve these vulnerabilities are available. Contact the vendor for additional information.

http://www.securityfocus.com/bid/48351

3) Adobe ColdFusion Cross-Site Request Forgery Vulnerability

Adobe ColdFusion is susceptible to a Cross-Site Request Forgery vulnerability. Cross-Site Request Forgery abuses the trust a web application places in the user's browser: because the browser attaches the session cookie to every request it sends to a site the user is logged in to, an attacker can cause it to make authenticated requests and so abuse any functionality the target web application exposes to that user. Updates which resolve this vulnerability are available. Contact the vendor for more information.

http://www.securityfocus.com/bid/48271
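
Entries 1 and 3 both describe Cross-Site Request Forgery. The following Python is an added example, not code from the page or from either vendor's product, showing why the attack works and what the usual fix looks like: a hypothetical AdminConsole with a password-change action that first accepts any request carrying the session cookie, then is made to require a per-session synchronizer token that an attacker's page cannot read. The class and function names and the dict-shaped "requests" are stand-ins for a real web stack.

```python
# Added example, not code from the page or from any vendor's product: a minimal
# model of a state-changing admin action with and without a synchronizer
# (per-session) CSRF token. All names here (AdminConsole, change_password,
# the dict-shaped "requests") are hypothetical stand-ins for a real web stack.
import hmac
import secrets


class Session:
    """Server-side session record, keyed by the value of the session cookie."""

    def __init__(self, user):
        self.user = user
        # Per-session CSRF token. The attacker's page cannot read it (same-origin
        # policy), whereas the session cookie is attached by the browser to any
        # request aimed at the console, which is exactly what CSRF relies on.
        self.csrf_token = secrets.token_urlsafe(32)


class AdminConsole:
    """Toy admin console exposing one state-changing action."""

    def __init__(self, require_token):
        self.require_token = require_token
        self.sessions = {}
        self.passwords = {"admin": "old-password"}

    def login(self, user):
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = Session(user)
        return sid

    def render_form(self, sid):
        """The legitimate page embeds the token in the form it serves."""
        return {"csrf_token": self.sessions[sid].csrf_token}

    def change_password(self, request):
        """request = {'cookies': {...}, 'form': {...}}; returns an HTTP status."""
        sid = request.get("cookies", {}).get("sid")
        session = self.sessions.get(sid)
        if session is None:
            return 401
        if self.require_token:
            submitted = request.get("form", {}).get("csrf_token", "")
            # Constant-time comparison so the token cannot be guessed byte by byte.
            if not hmac.compare_digest(submitted, session.csrf_token):
                return 403
        self.passwords[session.user] = request["form"]["new_password"]
        return 200


def forged_request(sid):
    """What the victim's browser sends when an attacker-controlled page
    auto-submits a form at the console: the cookie rides along, the token
    does not (the attacker never saw it)."""
    return {"cookies": {"sid": sid}, "form": {"new_password": "attacker-chosen"}}


def legitimate_request(sid, token):
    """A submission from the console's own form, which carries the token."""
    return {"cookies": {"sid": sid},
            "form": {"new_password": "rotated", "csrf_token": token}}


def run_scenario(require_token):
    """Log in, replay a forged request, then a legitimate one.
    Returns (forged_status, password_after_forged, legitimate_status)."""
    console = AdminConsole(require_token)
    sid = console.login("admin")
    token = console.render_form(sid)["csrf_token"]
    forged_status = console.change_password(forged_request(sid))
    password_after_forged = console.passwords["admin"]
    legit_status = console.change_password(legitimate_request(sid, token))
    return forged_status, password_after_forged, legit_status


if __name__ == "__main__":
    print("no token check:", run_scenario(False))  # (200, 'attacker-chosen', 200)
    print("token required:", run_scenario(True))   # (403, 'old-password', 200)
```

Without the token check the forged request changes the password; with it the forged request is refused while the console's own form still works. Checking the Origin or Referer header and marking the session cookie SameSite are complementary defences, but the token is the one that holds regardless of the client.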
4) Ruby on Rails Multiple Cross-Site Scripting Filter Security Bypass Weaknesses

Ruby on Rails is susceptible to multiple weaknesses that allow attacker-supplied input to bypass its Cross-Site Scripting filtering. If successful, Cross-Site Scripting can be exploited to manipulate or steal cookies, issue requests that are mistaken for those of a valid user, compromise confidential information, or execute malicious code in end users' browsers. Updates which resolve these weaknesses are available. Contact the vendor for additional details.

http://www.securityfocus.com/bid/48169
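
The weaknesses above concern a framework's filtering of attacker-supplied markup, and the same failure mode underlies the other Cross-Site Scripting entries in this list. As an added example, not code from the page or from Rails, the following Python contrasts a blacklist filter, which is the kind of thing filter-bypass weaknesses defeat, with context-aware output encoding that does not try to recognise attacks at all. The filter, the payloads and the helper names are hypothetical and constructed for this illustration.

```python
# Added example, not code from the page or from Rails itself: a blacklist XSS
# filter of the kind that "filter bypass" weaknesses defeat, next to the
# context-aware escaping that does not rely on recognising attacks. The
# filter, payloads and helper names are hypothetical, constructed for this
# illustration.
import html
import re
from urllib.parse import urlsplit

SCRIPT_TAG = re.compile(r"<script.*?</script>", re.IGNORECASE | re.DOTALL)


def naive_filter(user_input):
    """Blacklist approach: strip <script>...</script> pairs and pass the rest
    through unchanged. Every other way to run script survives."""
    return SCRIPT_TAG.sub("", user_input)


def escape_for_html_text(user_input):
    """Allow-list approach for an HTML text or attribute-value context: encode
    the five characters that can change the meaning of the markup."""
    return html.escape(user_input, quote=True)


ALLOWED_SCHEMES = {"http", "https", "mailto"}


def safe_href(user_url):
    """For a URL attribute context escaping alone is not enough, because
    javascript: is a perfectly well-formed attribute value. Reject schemes
    outside an allow-list, then escape for the attribute."""
    # Browsers ignore ASCII control characters (tab, newline) inside the
    # scheme, so strip them before deciding what the scheme is.
    for_scheme_check = re.sub(r"[\x00-\x20\x7f]", "", user_url)
    scheme = urlsplit(for_scheme_check).scheme  # urlsplit lower-cases it
    if scheme and scheme not in ALLOWED_SCHEMES:
        return "#"
    return html.escape(user_url, quote=True)


# Constructed payloads: none contains a complete <script>...</script> pair for
# the blacklist to remove, yet each yields executable markup.
PAYLOADS = [
    '<img src=x onerror=alert(document.cookie)>',   # event handler, no script tag
    '<scr<script></script>ipt>alert(1)</script>',   # the removal re-assembles the tag
    '<a href="javascript:alert(1)">click</a>',      # javascript: URL
]


def contains_raw_tag(markup):
    """Oracle for the text context: any surviving '<' that opens a tag means
    the sanitizer let markup through."""
    return re.search(r"<[A-Za-z!/]", markup) is not None


def survivors(sanitizer, payloads=PAYLOADS):
    """Return the payloads that still carry markup after `sanitizer`."""
    return [p for p in payloads if contains_raw_tag(sanitizer(p))]


if __name__ == "__main__":
    print("bypass the blacklist:", len(survivors(naive_filter)), "of", len(PAYLOADS))
    print("bypass escaping:     ", len(survivors(escape_for_html_text)), "of", len(PAYLOADS))
    print(naive_filter(PAYLOADS[1]))   # <script>alert(1)</script>
    print(safe_href("javascript:alert(1)"), safe_href("https://example.com/?a=1&b=2"))
```

All three payloads pass the blacklist and none passes the encoder, which is the point: escaping is defined by the output context rather than by a list of known-bad input, so there is no list to get around. The href helper shows the one context where encoding is necessary but not sufficient.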
5) IBM Rational Team Concert Multiple Cross-Site Scripting Vulnerabilities

IBM Rational Team Concert is susceptible to multiple Cross-Site Scripting vulnerabilities. Cross-Site Scripting can be exploited to execute script code in the browser of an unsuspecting user and steal cookie-based authentication credentials. Updates which resolve these issues are available. Contact the vendor for further details.

http://www.securityfocus.com/bid/48356

6) Trend Micro Data Loss Prevention Directory Traversal Vulnerability

Trend Micro Data Loss Prevention is susceptible to a Directory Traversal vulnerability. Successful exploitation would allow an attacker to reach files outside the directory the application intends to expose, giving access to sensitive information and potentially leading to complete compromise of the affected system. As of this writing a fix has not yet been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/48225
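
The advisory above does not say how the traversal is triggered, so the following Python is an added example of the defect class rather than of the Trend Micro product: a hypothetical file-serving check that decodes, canonicalises and only then tests containment, run over constructed probes of the kind a scanner sends. The base directory, the probe strings and the function names are assumptions made for the illustration.

```python
# Added example, not code from the page or from Trend Micro's product: how a
# file-serving handler should bound a user-supplied path to one directory, and
# the traversal probes it must refuse. Paths, helper names and probes are
# hypothetical and constructed for this illustration.
import os
import re
from urllib.parse import unquote

DRIVE_LETTER = re.compile(r"^[A-Za-z]:")


def resolve_under(base_dir, requested):
    """Return the absolute path for `requested` if it resolves inside
    `base_dir`, otherwise None. Decoding happens before canonicalisation so
    that encoded dots and slashes cannot slip past the containment check."""
    # Decode twice: a double-encoded %252e becomes %2e, then '.'.
    decoded = unquote(unquote(requested))
    # A NUL byte truncates the path in many native file APIs; never pass it on.
    if "\x00" in decoded:
        return None
    # Treat backslashes as separators too, so ..\..\ is not a second dialect.
    decoded = decoded.replace("\\", "/")
    # Absolute paths and drive letters are never legitimate here.
    if decoded.startswith("/") or DRIVE_LETTER.match(decoded):
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses '..' and resolves symlinks; containment is tested on
    # the result, not on what the client sent.
    candidate = os.path.realpath(os.path.join(base, decoded))
    if candidate == base or candidate.startswith(base + os.sep):
        return candidate
    return None


# Constructed probes of the kind a scanner sends, with the expected verdict.
PROBES = {
    "2011/06/incidents.csv": "allowed",
    "../../../etc/passwd": "blocked",
    "..%2f..%2f..%2fetc%2fpasswd": "blocked",                    # encoded slashes
    "%252e%252e%252f%252e%252e%252fetc%252fpasswd": "blocked",  # double encoding
    "..\\..\\..\\windows\\win.ini": "blocked",                   # backslash dialect
    "/etc/passwd": "blocked",                                    # absolute path
    "reports%00.csv/../../../etc/passwd": "blocked",             # NUL truncation
    # No "strip ../" step exists to be tricked by this; it is simply a path
    # (to a nonexistent file) that stays inside the base directory.
    "....//....//etc/passwd": "allowed",
}


def classify(base_dir, probes=PROBES):
    """Run every probe through resolve_under and report allowed/blocked."""
    return {p: ("allowed" if resolve_under(base_dir, p) else "blocked")
            for p in probes}


if __name__ == "__main__":
    base = "/srv/dlp/reports"   # hypothetical document root
    for probe, verdict in classify(base).items():
        print(f"{verdict:8} {probe!r}")
```

The order matters: decode first, canonicalise second, compare last. Filters that instead search the raw input for "../" are defeated by the encoded and backslash variants above, and filters that strip "../" once are defeated by the nested form.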
7) IBM Web Application Firewall Security Bypass Vulnerability

IBM Web Application Firewall is susceptible to a security bypass vulnerability that would allow an attacker to evade the restrictions it enforces and perform unauthorized actions. As of this writing a fix has not yet been released. Contact the vendor for more information.

http://www.securityfocus.com/bid/48370

8) HP Service Manager and Service Center Multiple Vulnerabilities

HP Service Manager and Service Center are susceptible to multiple vulnerabilities including HTML Injection and Cross-Site Scripting. Successful exploitation of these vulnerabilities could be used to alter how the site appears, steal authentication credentials, or execute malicious scripts in the browsers of unsuspecting users. Updates which resolve these vulnerabilities are available. Contact the vendor for additional details.

http://www.securityfocus.com/bid/48168

9) Fujitsu Accela BizSearch Cross-Site Scripting Vulnerability

Fujitsu Accela BizSearch is susceptible to Cross-Site Scripting. If this vulnerability is successfully exploited, arbitrary script code can be executed in the browsers of unsuspecting users in the context of the affected site. An update which resolves this issue is available. Contact the vendor for more information.

http://www.securityfocus.com/bid/48497

10) IBM Tivoli Directory Server Log File Information Disclosure Vulnerability

IBM Tivoli Directory Server is susceptible to an information disclosure vulnerability involving its log files. Attackers can leverage this vulnerability to obtain information that is likely to help them extend the attack further. Updates which resolve this issue are available. Contact the vendor for additional information.

http://www.securityfocus.com/bid/48512

Comments
BradC | 07-06-2011 02:58 PM

Wonderful post!

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.