Advisories

Please read our Vulnerability Disclosure Policy.



Watchguard Firebox User Enumeration Vulnerability

Apr 04, 2008

An advisory has been published today by MWR InfoSecurity relating to a user enumeration vulnerability present in Watchguard Firebox software prior to Version 10. The vendor has released a patch to address the issue which may be downloaded from https://www.watchguard.com/archive/softwarecenter.asp.

The impact of this vulnerability is that password guessing attacks can be performed much more efficiently, since they need only be conducted against usernames known to be valid. Additionally, these usernames may be valid on other systems and may also aid social engineering attacks.
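The oracle behind a user enumeration issue, as an added example (not MWR's or WatchGuard's code; the login handler, credential store and candidate list are hypothetical and constructed here). A leaky handler that answers "unknown user" separately from "wrong password" sits beside a uniform-response version that also does the same hashing work for unknown names, and the attacker-side loop shows how the leaky one is turned into a list of valid accounts before any password guessing starts:

```python
import hashlib
import hmac

# Constructed sample credential store (hypothetical, not Firebox data):
# username -> PBKDF2-SHA256 of the password under a fixed demo salt.
_SALT = b"fixed-demo-salt"


def _pbkdf2(password: str, salt: bytes = _SALT) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


USERS = {
    "alice": _pbkdf2("correct horse"),
    "bob": _pbkdf2("battery staple"),
}

# Hash of a throwaway password, used so that unknown usernames cost the
# same CPU time as known ones (removes the timing side of the oracle).
_DUMMY = _pbkdf2("placeholder")

# Attacker's wordlist of candidate account names (constructed).
CANDIDATES = ["alice", "bob", "carol", "dave"]


def login_leaky(username: str, password: str) -> str:
    """Vulnerable: the response text reveals whether the username exists."""
    if username not in USERS:
        return "unknown user"
    if hmac.compare_digest(USERS[username], _pbkdf2(password)):
        return "ok"
    return "wrong password"


def login_uniform(username: str, password: str) -> str:
    """Hardened: one failure message, and the same work for unknown names."""
    stored = USERS.get(username, _DUMMY)
    matched = hmac.compare_digest(stored, _pbkdf2(password))
    # The membership test is deliberately after the hash so that a guess
    # equal to the dummy password cannot log in as a non-existent user.
    if matched and username in USERS:
        return "ok"
    return "login failed"


def enumerate_users(login, candidates):
    """Attacker side: send a junk password to each candidate name and keep
    every name the oracle does not reject as unknown."""
    return [u for u in candidates if login(u, "x") != "unknown user"]


def guess_budget(valid_users, candidates, passwords) -> tuple:
    """(attempts needed with the enumerated list, attempts without it)."""
    return (len(valid_users) * len(passwords), len(candidates) * len(passwords))


if __name__ == "__main__":
    print("leaky   ->", enumerate_users(login_leaky, CANDIDATES))
    print("uniform ->", enumerate_users(login_uniform, CANDIDATES))
```

Against `login_leaky` the attacker learns exactly which two names are real and can aim a password spray at those alone; against `login_uniform` every candidate looks the same and the spray has to cover the whole wordlist. The dummy hash matters: if unknown names skipped the PBKDF2 call, the response time would reopen the oracle even with identical messages.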


Interwoven WorkSite - ActiveX Control Remote Code Execution

Apr 03, 2008

WorkSite is a document management and email management solution from Interwoven Inc (Interwoven). Some of the application's functionality is exposed through ActiveX controls distributed in the iManFile.cab file. These controls were found to be unsafe: an attacker who can direct a user to a website containing exploit code can execute code remotely on that user's machine.

The most serious of these vulnerabilities could enable an attacker to execute arbitrary code on a user's computer remotely, with the permissions of the user logged into the system. Other, less severe vulnerabilities are also present.

The vendor has addressed these vulnerabilities in its latest service pack (WorkSite Web 8.2 SP1 P2), available from http://worksitesupport.interwoven.com.


IBM WebSphere MQ MCAUSER Bypass

Mar 28, 2008

The WebSphere MQ service is used to transfer messages between systems and applications. Access through a channel can be locked down by setting its MCAUSER attribute to an invalid user ID, so that connections over that channel fail authorisation. A method of bypassing this authorisation control has been discovered that would enable unauthorised access to be gained.

The vendor has released a fix for this vulnerability and download details are available within the advisory.


IBM WebSphere MQ Security Exit Bypass

Mar 28, 2008

The WebSphere MQ service is used to transfer messages between systems and applications. Channels within a queue manager can be protected with a security exit, which requires an authentication check to be passed before a connection is established. A method of bypassing this authentication has been discovered that would enable unauthorised access to be gained.

The vendor has released a fix pack that addresses these issues and download details are available within the advisory.


Elastic Path Arbitrary File Systems Access

Mar 07, 2008

An advisory has been released today by MWR InfoSecurity relating to Elastic Path ecommerce software versions 4.1 and 4.1.1.

Multiple input validation vulnerabilities were identified in the Elastic Path application. As a result, directory traversal was possible, giving unrestricted file system access on the remote server: an attacker could upload and download files from arbitrary locations on the affected system.

The vendor has released a patch to address these vulnerabilities. To obtain the patch, users must contact the vendor at support@elasticpath.com or via http://www.elasticpath.com/support/.
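The pattern behind the directory traversal described above, as an added example (not MWR's or Elastic Path's code; the resolver functions and the throwaway document tree are hypothetical and constructed here). A resolver that trusts the client-supplied file name is shown beside one that canonicalises the path and refuses anything outside the document root, and the demo runs a benign name, a `../` traversal and an absolute path through both:

```python
import os
import tempfile
from pathlib import Path


def resolve_unsafe(base: str, user_path: str) -> str:
    """Vulnerable: trusts the client-supplied name. '../' sequences escape
    the directory, and os.path.join discards base entirely when user_path
    is absolute."""
    return os.path.join(base, user_path)


def resolve_safe(base: str, user_path: str) -> str:
    """Hardened: canonicalise both sides (symlinks included) and refuse any
    target that does not remain inside the base directory."""
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, user_path))
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError(f"path escapes document root: {user_path!r}")
    return target


def _read(path: str):
    return Path(path).read_text() if os.path.isfile(path) else None


def _read_safe(base: str, user_path: str):
    try:
        return _read(resolve_safe(base, user_path))
    except ValueError:
        return "rejected"


def demo() -> dict:
    """Build a constructed sample tree and record what each resolver lets
    a download handler read for three client-supplied names."""
    root = tempfile.mkdtemp()
    docs = os.path.join(root, "docs")          # the intended document root
    os.mkdir(docs)
    Path(docs, "catalog.txt").write_text("public")
    Path(root, "secret.txt").write_text("private")   # must stay unreachable

    cases = {
        "benign": "catalog.txt",
        "traversal": "../secret.txt",
        "absolute": os.path.join(root, "secret.txt"),
    }
    return {
        label: {"unsafe": _read(resolve_unsafe(docs, name)),
                "safe": _read_safe(docs, name)}
        for label, name in cases.items()
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:10} unsafe={result['unsafe']!r:12} safe={result['safe']!r}")
```

The same resolver guards an upload handler: a write path that passes `resolve_safe` cannot land outside the document root, which is what turns "upload files to arbitrary locations" into "upload files into the intended directory". Checking with `realpath` on both sides rather than string-matching for `..` also covers symlinks and platform-specific path quirks.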


