For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.
CVE-2017-7529: NGINX Remote Integer Overflow / Memory Leak
Some older versions of Nginx contain a known integer overflow vulnerability which can be exploited to leak memory from the web server. Leaking memory from a web server is generally harmful, as it would contain requests from the visitors including user passwords. It can also hold keys for certificates.
Read more about that here: https://github.com/nixawk/labs/issues/15
F5-Networks / Big-IP Cookie Information Exposure
More information can be found here: https://www.tenable.com/plugins/nessus/20089
CVE-2018-9206: jQuery-File-Upload Arbitrary File Upload
The default configuration of jQuery-File-Upload allowsed a user to upload any file type. This meanst the ability of uploading a .php-file that would execute on the server, and thereby allow execution of any code.
This was reported to us by several different researchers and seems to be a issue both talked about by many and, but also affecting a lot of different websites.
More information can be found here: http://www.vapidlabs.com/advisory.php?v=204
Spring Boot Actuator Revealing Heap Dump Route
Some configurations of Spring Boot causes an endpoint to disclose a heapdump. A heapdump is a copy of the memory of a server. Similar to when describing the nginx memory leak, this memory can contain a lot of sensitive information which should not be disclosed.
This is more a misconfiguration rather than an actual vulnerability in Spring Boot.
Documentation for this can be found here: https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-endpoints.html#production-ready-endpoints-exposing-endpoints
NGINX Alias Directory Listing
A common misconfiguration of alias used in Nginx web servers allows an attacker to disclose source code and files on the server. This was submitted through Detectify Crowdsource some time ago, and we’ve added several improvements of detections in the latest release.
More information about this vulnerability can be found here: https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
We utilize a lot of fingerprinting to make each scan as efficient as possible as well as making sure we run all relevant tests against all websites. We will now start to alert customers when the version of PHP in use is no longer supported.
Read more about this issue here: https://www.zdnet.com/article/around-62-of-all-internet-sites-will-run-an-unsupported-php-version-in-10-weeks/
Persistent XSS in Laravel setup
Previous versions of Laravel have a persistent XSS in the default setup. More information about this can be found in this detailed write-up by x1m, https://x1m.nl/posts/laravel-xss-vuln/.
Questions or comments on our latest security updates? Let us know in the section below.
Begin a scan for the latest vulnerabilities today. Start a free trial with Detectify here!
Already have an account? Login to check your assets.