Cenzic Research Lab Names Top Five Critical Web Application Vulnerabilities for February

Cenzic's Intelligent Analysis (CIA)research lab today named the top five most serious web applicationvulnerabilities for the month of February 2006. CIA specializes in thecontinuous research of application vulnerabilities and the development ofremediation strategies to assist customers with their web applicationsecurity needs in enterprise environments.

Cenzic has identified and analyzed the most serious vulnerabilitiesannounced by vendors and other third parties in February. The company's topfive list includes vulnerabilities in many of today's most widely usedbusiness platforms, including Lotus Domino, Symantec Sygate ManagementServer, IBM Tivoli, Domino Web Access, and InfoVista VistaPortal.

Under the auspice of CIA, Cenzic evaluates a wide range of newly discoveredapplication vulnerabilities and prioritizes them based on their severityand potential to impact regulatory compliance, internal policy compliance,information privacy and financial losses. This information is released ona monthly basis and can be used by enterprises as a first step inaddressing the security of custom and commercial web applications.

The CIA team analyzed all web application security vulnerabilitiesdiscovered in February and selected the following for their severity andpotential threat to common, widely used software and business environments:

1. Lotus Domino Directory Traversal and URL/Archive Processing BufferOverflows

[CIA-1042-Alert]

http://www.cenzic.com/cia_research/alerts/index.php

Several vulnerabilities were discovered in Lotus Domino/Notes versions6.5.4 and previous, and in version 7.0. Affected versions allow a remoteuser to execute malicious code by embedding an overly long URL within anemail message. IBM has released patches to eliminate these security issues.Affected users can access IBM support at:http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918

2. Symantec Sygate Management Server SQL Injection Vulnerability

[CIA-1043-Alert]

http://www.cenzic.com/cia_research/alerts/index.php

A vulnerability in the Sygate Management Server (SMS) allows a remoteattacker to inject SQL command to overwrite the administrator password.Symantec's Sygate Management Server versions 4.1 build 1417 and prior arevulnerable to a SQL injection attack that can give an attacker full controlof the system. Affected sites are advised to upgrade to a fixed version,available at:http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html

3.IBM Tivoli Access Manager Directory Traversal Vulnerability

[CIA-1044-Alert]

http://www.cenzic.com/cia_research/alerts/index.php

A vulnerability in the IBM Tivoli Access Manager lets a remotelyauthenticated user access arbitrary files via directory traversal attacks.Versions 5.1.0 and 6.0.0 of the IBM Tivoli Access Manager are vulnerable tothese attacks when the Web Server plug-in component is installed.

IBM has released a security fix for each of the affected platforms, whichcan be accessed at:

-- Fixpack 5.1.0-TIV-WPI-FP0017:

http://www-1.ibm.com/support/docview.wss?uid=swg24011562

-- Fixpack 6.0.0-TIV-WPI-FP0001:

http://www-1.ibm.com/support/docview.wss?uid=swg24011561

4. Domino Web Access Multiple Cross-Site Scripting Vulnerabilities

[CIA-1045-Alert]

http://www.cenzic.com/cia_research/alerts/index.php

A vulnerability in Domino Web Access allows Cross-Site Scripting attacksbecause the client fails to sufficiently sanitize HTML code beforedisplaying this information to the user. As a result it is possible tocraft a malicious email with HTML embedded in the subject line to causethis code to execute in the browser of any user who views the message.Affected enterprises should implement IBM's security fixes, found at www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919

5. InfoVista VistaPortal Discloses Files and Path to Remote Users

[CIA-1046-Alert]

http://www.cenzic.com/cia_research/alerts/index.php

Affected versions of InfoVista VistaPortal are vulnerable to directorytraversal attacks, although the particular variation that successfullyexploits the vulnerability has not been disclosed. VistaPortal runs withroot privileges, thereby allowing access to any file on the server,including files that contain server password configuration for the SolarisOperating System.

Affected sites should apply the InfoVista hotfix (IV00038969) to eliminatethe directory traversal vulnerability.

About Cenzic's Ratings

Cenzic uses a proprietary formula for calculating the severity ofvulnerability information. Cenzic's risk metrics are subject to changewithout notice. The vulnerabilities selected for this alert were chosen dueto one or more of the following factors:

-- Origin: the vulnerability could be exploited by unauthenticated remote users;-- Boundary: the vulnerability would allow privilege escalation upon a successful attack;-- Popularity: the software is widely used or deployed; and-- Criticality: the vulnerability fits the profile of the critical areas identified by OWASP, CSI, SANS, or other sources. That a particular vulnerability is rated as severe does not implynegligence on part of the author/maintainer/vendor of the affectedsoftware.

Cenzic has taken immediate steps to ensure that users of Cenzic Hailstormare proactively alerted against these and other serious securityvulnerabilities. CIA monitors security vulnerability information as it isreleased to ensure that Hailstorm provides up-to-date, comprehensive,detection and remediation of the most severe application securityvulnerabilities.

About Cenzic Intelligent Analysis (CIA) Research

The Cenzic Intelligent Analysis (CIA) team specializes in continuousresearch into application vulnerabilities and the latest tools andtechniques used within the field of application security. The CIA teammonitors the latest vulnerabilities and trends affecting applicationsecurity by tracking Internet newsgroups, forums, mailing lists, andunderground websites where vulnerability information is released, Inaddition to its research focus, CIA experts also perform vulnerabilityassessment, penetration testing, and security testing.

Cenzic has dedicated experts whose sole job is to perform ongoing researchto not only analyze known vulnerabilities but also discover new orundisclosed vulnerabilities in custom, commercial, and open-sourceapplications, and to make this information available to customers and tothe community at large in the form of publications and security alerts.Cenzic Hailstorm is updated similar to anti-virus on a regular basis withnew vulnerability information to give customers an advantage in stayingahead of new vulnerabilities.

About Cenzic

Cenzic is a leading provider of the next-generation enterprise software anda leading Managed Service offering for automated application securityassessment and compliance that allows Fortune 1000 corporations, mid-sizedcorporations, and government organizations to dramatically improve thesecurity of web applications. Cenzic® Hailstorm®, the most accurate andextensible product in the industry, enables security experts, QAprofessionals, and developers to work together to assess, analyze, andremediate applications for security vulnerabilities, Hailstorm benefitsinclude reduced security risk and liability, lower development and testingcosts, and faster time-to-market. Cenzic ClickToSecure™ service is oneof the industry's first Software as a Service (SaaS) to combine the powerof an enterprise-class application security assessment product with theflexibility of a managed security service. Cenzic Assessment Methodologycompletes the solution with a state-of-the-art business process consultingservice to help customers improve their application security methodologies.Cenzic solutions are the most accurate, comprehensive, and extensible inthe industry. Cenzic's current focus includes financial services, e-retail,healthcare, and government sectors. For more information, visitwww.cenzic.com.

CONTACT:Jason Throckmorton or Jesse OdellLaunchSquad415-625-8555Email Contact

SOURCE:  Cenzic

Related Articles

• Bill Coleman of Cassatt to Deliver the Opening Keynote at SYS-CON's SOA Web Services Conference in New York
  22 March 2006



• Novell Expands Market Start Program to Accelerate the Adoption of Open Source Application Software
  21 March 2006



• Intel/Microsoft: Management & Virtualisation Tech
  8 March 2006



• Laszlo Systems Announces Plans to Extend OpenLaszlo Platform to Support Delivery of Web 2.0 Applications in Browsers Without Flash(TM)
  8 March 2006



• Joyent Launches Web Based Collaboration Platform
  2 March 2006



• 'Chronicles of Narnia' Producers Gives Liferay Leading Role in its Public, Community Web Sites
  2 March 2006



• University of Nebraska to Become a Worldwide Hub for Advanced Training and Research for IBM On Demand Systems
  2 March 2006



• February Industry 2.0 Features Datacraft Solutions' Digital Kanban
  26 February 2006



• UK Hosting Company, JAB Web Solutions Announces New Range of Packages
  20 February 2006



• Singapore Internet Web Hosting Provider 8 to Infinity Pte Ltd (www.8.to) enhances their Dedicated web hosting offers
  13 February 2006



• Low-Cost Windows Web Hosting Company Celebrates 5th Anniversary
  13 February 2006



• SYMANTEC i3 7.5 DELIVERS PROACTIVE APPLICATION PERFORMANCE MANAGEMENT SOLUTION TO DRIVE DOWN IT COST
  12 February 2006



• Boundless Corporation Announces New Linux Web Terminal Product Lines
  10 February 2006



• Durham County Council and the National Health Service Adopt AEP Networks' SSL VPN for Secure Application Access
  25 January 2006



• Covalent Technologies(TM) Announces Support for Apache Geronimo Application Server
  25 January 2006