February 22, 2012

New Django Versions to Fix Security Problems

(LiveHacking.Com) - The Django team has released updated versions of the popular high-level Python Web framework to address several security-related problems. Along with the updates to the 1.2 and 1.3 code bases, the Django project has also released several advisories for other issues which, while not requiring changes to Django itself, will be of concern to its users.

  • Session manipulation – For some configurations, Django sessions are stored directly in the root namespace of the cache, using session identifiers as keys. This results in a potential attack when coupled with an application that stores user-supplied data in the same cache. To mitigate this, the keys used to store sessions will now be namespaced in the cache.
  • Denial of service attack via URLField – Django includes a field type, URLField, which validates that the supplied value is a valid URL; it can also be configured to verify the URL by issuing a request to it. By default, the underlying socket libraries in Python have no timeout. This can manifest as a security problem in different ways, including an attacker supplying a URL under his or her control which simply holds the connection open indefinitely.
  • URLField redirection – When validating a URL, if the URL responds with a redirect, no validation of the redirected-to URL is performed, including the basic checks for supported protocols (HTTP, HTTPS and FTP). This creates a small window for an attacker to gain knowledge of, for example, server layout: a redirect to a file:// URL will tell an attacker whether a given file exists locally on the server.
  • Host header cache poisoning – In several places, Django itself, independent of the developer, generates full URLs. Currently this uses the value of the HTTP Host header from the request to construct the URL, which opens a potential cache-poisoning vector: an attacker can submit a request with a Host header of his or her choice and receive a response whose URLs are built from that Host header; if that response is cached, further requests will be served out of the cache with URLs containing the attacker's host of choice.
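As an added illustration of the first and last items above (this is not code from Django or from the advisories), the following Python models the two mitigations in miniature: keeping session entries out of the cache's root namespace so that application data cached under a user-chosen key cannot collide with them, and refusing to build a full URL from a Host header that does not name a host the site is configured to serve. The in-memory FakeCache, the session prefix "session:", the sample session identifier and the allowed_hosts setting are all constructed for this example; Django's real prefix and settings are not named on this page.

```python
"""Added example (not Django's code): namespaced session cache keys and
Host-header validation before building absolute URLs."""


class FakeCache:
    """Constructed in-memory stand-in for a shared cache backend such as memcached."""

    def __init__(self):
        self._store = {}

    def set(self, key, value):
        self._store[key] = value

    def get(self, key, default=None):
        return self._store.get(key, default)


# Hypothetical prefix; the real prefix Django adopted is not named on this page.
SESSION_PREFIX = "session:"


def store_session_flat(cache, session_id, data):
    """Pre-fix pattern: the session identifier itself is the cache key."""
    cache.set(session_id, data)


def load_session_flat(cache, session_id):
    return cache.get(session_id)


def store_session_namespaced(cache, session_id, data):
    """Mitigated pattern: session entries live under their own prefix."""
    cache.set(SESSION_PREFIX + session_id, data)


def load_session_namespaced(cache, session_id):
    return cache.get(SESSION_PREFIX + session_id)


def app_caches_user_value(cache, user_supplied_key, value):
    """An application caching user-supplied data under a user-chosen key in
    the cache's root namespace (the combination the advisory warns about)."""
    cache.set(user_supplied_key, value)


def session_survives(user_supplied_key, namespaced):
    """Return True if a stored session is still intact after the application
    has cached a user value under user_supplied_key."""
    cache = FakeCache()
    session_id = "c3p0r2d2"          # constructed sample session identifier
    original = {"user_id": 1}
    store = store_session_namespaced if namespaced else store_session_flat
    load = load_session_namespaced if namespaced else load_session_flat
    store(cache, session_id, original)
    app_caches_user_value(cache, user_supplied_key, {"user_id": 2})
    return load(cache, session_id) == original


def host_is_trusted(host_header, allowed_hosts):
    """True if the Host header (optionally host:port) names a configured host.
    allowed_hosts is an assumed site setting; IPv6 literals are not handled here."""
    host = host_header.split(":", 1)[0].lower()
    return host in allowed_hosts


def build_absolute_url(host_header, path, allowed_hosts, scheme="https"):
    """Build a full URL only from a trusted Host header; otherwise refuse rather
    than echo an attacker-chosen host into a response that may be cached."""
    if not host_is_trusted(host_header, allowed_hosts):
        raise ValueError("refusing to build a URL for untrusted host %r" % host_header)
    return "%s://%s%s" % (scheme, host_header, path)


if __name__ == "__main__":
    print("flat keys, colliding user key :", session_survives("c3p0r2d2", False))
    print("namespaced keys, same user key:", session_survives("c3p0r2d2", True))
    print(build_absolute_url("example.com:8443", "/accounts/login/", {"example.com"}))
```

Run stand-alone, the first line prints False (the user value overwrote the session entry) and the second prints True; the same allow-list check can be applied to any value a framework reads from the Host header before that value is echoed into a cacheable response.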

The advisories issued discuss different ways in which an attacker could possibly bypass Django’s Cross Site Request Forgery protection mechanism. While not actual bugs in Django itself, they are potential vectors for attack that developers should take into consideration.

According to djangosites.org, Django is used by at least 4000 web sites, and the figure is likely to be much higher. All Django users are encouraged to upgrade to the latest versions, and to implement the recommendations in the advisories, immediately.

WordPress Releases Security Hardening Update

The WordPress project has announced the release of WordPress 3.0.5. Dubbed a security hardening release, it is an essential update for those with any untrusted user accounts, but it also comes with other important security enhancements and hardening for all WordPress installations.

Two cross site scripting bugs have been squashed:

  • Properly encode title used in Quick/Bulk Edit, and offer additional sanitization to various fields. Affects users of the Author or Contributor role.
  • Preserve tag escaping in the tags meta box. Affects users of the Author or Contributor role.

Also included in 3.0.5 are two security enhancements, one of which improves the security of any plugins that were not properly leveraging the WordPress security API.

All WordPress administrators are encouraged to upgrade to this latest version. You can update automatically from the Dashboard > Updates menu in your site’s admin area or download 3.0.5 directly.

Mono 2.8.2 Fixes Source Code Disclosure Bug

The Mono Project has released Mono 2.8.2, which “contains an important security fix for users of ASP.NET”. The vulnerability, tagged CVE-2010-4225, allows ASP.NET applications under some circumstances to misbehave and return the source code (.aspx) of the application or any other file in the web application directory.

Affected are all 2.8.x versions of Mono. The components affected are the XSP web server and the mod_mono Apache module.

The Mono Project advises every Mono 2.8.x user to upgrade to Mono 2.8.2 if they host web applications with it.

PHP Floating-Point Bug Found and then Fixed

A bug has been found in the popular web site scripting language PHP which theoretically could be used in a DoS attack against a web site. The bug is related to the way PHP 5.2 and 5.3 convert the largest double-precision floating-point numbers from strings. The number in question is 2.2250738585072011e-308, and if a script tries to convert this from a string the CPU goes into an infinite loop. This could theoretically be used to mount a denial of service attack on a web site and send the CPU into overdrive.

The problem is known to affect only x86 32-bit PHP processes, regardless of whether the system hosting PHP is 32-bit or 64-bit. This is because 32-bit PHP processes use the x87 FPU for the conversion, whereas 64-bit processes use SSE.

The PHP team saw this as a critical bug and have released versions 5.3.5 and 5.2.17 to tackle the problem. It is strongly recommended that you upgrade to the new versions.

For more details on the bug, see the PHP bug report here and news of the new releases here. You can test whether your system is affected by running this script from the command line.

Cross-Site Scripting (XSS) Vulnerability in phpMyAdmin

phpMyAdmin is prone to a cross-site scripting vulnerability due to insufficient user-supplied data sanitization.

According to the vulnerability disclosure, an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. The attacker must entice an unsuspecting user to follow a malicious URI. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

All versions prior to phpMyAdmin 3.3.8.1 and 2.11.11.1 are vulnerable. Updates are available to fix this issue.

Critical Security Update for WordPress

Version 3.0.4 of WordPress has been released. This version is available from the update page in the WordPress dashboard or for download here. This is a critical update that fixes a core security bug in WordPress's HTML sanitization library, called KSES. The security issue was discovered by Mauro Gentile and Jon Cave (duck_).

More technical information is available here.

Security Issue in Google Website Optimizer

Google has informed its users directly about a security issue in Google Website Optimizer.

Google has warned Website Optimizer users about a vulnerability in the Website Optimizer Control Script. According to the Google email, an attacker might be able to execute malicious code on a user's site using a Cross-Site Scripting (XSS) attack. This attack can only take place if a website or browser has already been compromised by a separate attack.


Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability

AWStats 6.95 and prior versions are prone to an arbitrary command-execution vulnerability. This issue occurs when AWStats is used along with Apache Tomcat on Microsoft Windows.

According to securityfocus.com, an attacker can exploit this vulnerability to execute arbitrary shell commands in the context of the web server process. This may help attackers compromise the underlying system; other attacks are also possible.