Cenzic's Intelligent Analysis (CIA) research lab recently named the top five most serious Web application vulnerabilities for the month of February. The company's top five list includes vulnerabilities in many of today's most widely used business platforms, including Lotus Domino, Symantec Sygate Management Server, IBM Tivoli, Domino Web Access and InfoVista VistaPortal. They were selected for their severity and potential threat to common, widely used software and business environments.
- Lotus Domino Directory Traversal and URL/Archive Processing Buffer Overflows [CIA-1042-Alert]
Several vulnerabilities were discovered in Lotus Domino/Notes versions 6.5.4 and previous, and in version 7.0. Affected versions allow a remote user to execute malicious code by embedding an overly long URL within an e-mail message. IBM has released patches to eliminate these security issues. Affected users can access IBM support at http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918.
- Symantec Sygate Management Server SQL Injection Vulnerability [CIA-1043-Alert]
A vulnerability in the Sygate Management Server (SMS) allows a remote attacker to inject SQL command to overwrite the administrator password. Symantec's Sygate Management Server versions 4.1 build 1417 and prior are vulnerable to a SQL injection attack that can give an attacker full control of the system. Affected sites are advised to upgrade to a fixed version, available at http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html.
- IBM Tivoli Access Manager Directory Traversal Vulnerability [CIA-1044-Alert]
A vulnerability in the IBM Tivoli Access Manger lets a remotely authenticated user access arbitrary files via directory traversal attacks. Versions 5.1.0 and 6.0.0 of the IBM Tivoli Access Manager are vulnerable to these attacks when the Web Server plug-in component is installed.
IBM has released a security fix for each of the affected platforms, which can be accessed at
• Fixpack 5.1.0-TIV-WPI-FP0017: http://www-1.ibm.com/support/docview.wss?uid=swg24011562
• Fixpack 6.0.0-TIV-WPI-FP0001: http://www-1.ibm.com/support/docview.wss?uid=swg24011561
- Domino Web Access Multiple Cross-Site Scripting Vulnerabilities [CIA-1045-Alert]
A vulnerability in Domino Web Access allows Cross-Site Scripting attacks because the client fails to sufficiently sanitize HTML code before displaying this information to the user. As a result it is possible to craft a malicious email with HTML embedded in the subject line to cause this code to execute in the browser of any user who views the message. Affected enterprises should implement IBM's security fixes, found at http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919.
- InfoVista VistaPortal Discloses Files and Path to Remote Users [CIA-1046-Alert]
Affected versions of InfoVista VistaPortal are vulnerable to directory traversal attacks, although the particular variation that successfully exploits the vulnerability has not been disclosed. VistaPortal runs with root privileges, thereby allowing access to any file on the server, including files that contain server password configuration for the Solaris Operating System.
Affected sites should apply the InfoVista hotfix (IV00038969) to eliminate the directory traversal vulnerability.