HP Security Products Blog
From applications to infrastructure, enterprises and governments alike face a constant barrage of digital attacks designed to steal data, cripple networks, damage brands, and carry out a host of other malicious acts. HP Enterprise Security Products offers products and services that help organizations meet the security demands of a rapidly changing and more dangerous world. HP ESP enables businesses and institutions to take a proactive approach to security that integrates information correlation, deep application analysis and network-level defense mechanisms—unifying the components of a complete security program and reducing risk across your enterprise. In this blog, we will announce the latest offerings from HP ESP, discuss current trends in vulnerability research and technology, reveal new HP ESP security initiatives and promote our upcoming appearances and speaking engagements.

Top Five Web Application Vulnerabilities 5/12/09 - 5/25/09

1) Novell GroupWise WebAccess Multiple Security Vulnerabilities


Novell GroupWise WebAccess is susceptible to multiple vulnerabilities, including Cross-Site Scripting and security restriction bypass issues. Attackers who successfully exploit these vulnerabilities could steal cookie-based authentication credentials and gain access to sensitive information. Updates which resolve these vulnerabilities have been released. Contact the vendor for additional information.


http://www.securityfocus.com/bid/35066
http://www.securityfocus.com/bid/35061


2) Sun Java System Portal Server Error Page Cross Site Scripting Vulnerability


Sun Java System Portal Server is susceptible to a Cross-Site Scripting vulnerability. If successful, Cross-Site Scripting can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. Updates which resolve this vulnerability have been released. Contact the vendor for further details.


http://www.securityfocus.com/bid/35082


3) Sun Java System Communications Express Multiple Cross-Site Scripting Vulnerabilities


Sun Java System Communications Express is susceptible to multiple instances of Cross-Site Scripting. Cross-Site Scripting occurs when dynamically generated web pages display user input, such as login information, that is not properly validated, allowing an attacker to embed malicious scripts into the generated page and then execute the script on the machine of any user that views the site. Updates which resolve these issues have been released. Contact the vendor for more information.


http://www.securityfocus.com/bid/34154
http://www.securityfocus.com/bid/34155


4) HP System Management Homepage Unspecified Cross Site Scripting Vulnerability


HP System Management Homepage is susceptible to an unspecified Cross-Site Scripting vulnerability. An attacker can leverage Cross-Site Scripting to execute script code in the browsers of unsuspecting users in the context of the affected application, possibly leading to theft of authentication credentials and other attacks. Updates which resolve this issue have been released. Contact the vendor for additional details.


http://www.securityfocus.com/bid/35031


5) phpMyAdmin 'setup.php' PHP Code Injection Vulnerability


phpMyAdmin is susceptible to a PHP Code Injection vulnerability. An attacker can leverage this vulnerability to inject and execute arbitrary malicious PHP code in the context of the web server process, which could lead to a compromise of the application and underlying system. Updates which resolve this issue are available. Contact the vendor for further information.


http://www.securityfocus.com/bid/34236

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.