For continuous coverage, we push out major every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our researchers and Crowdsource ethical community. Due to confidentially agreements, we cannot publicize all update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

 

CVE-2017-7529: NGINX Remote Integer Overflow / Memory Leak

Some older versions of Nginx contain a known integer overflow vulnerability which can be exploited to leak memory from the web server. Leaking memory from a web server is generally harmful, as it would contain requests from the visitors including user . It can also hold keys for certificates.

Read more about that here: https://github.com/nixawk/labs/issues/15

F5-Networks / Big-IP Cookie Information Exposure

F5 BIG-IP load balancer uses cookies to store a lot of data. Among other things, this data can expose internal IP-addresses. This is not a vulnerability in itself, but this information can certainly aid an attacker in further attacks.

More information can be found here: https://www.tenable.com/plugins/nessus/20089

CVE--9206: jQuery-File-Upload Arbitrary File Upload

The default configuration of jQuery-File-Upload allowsed a user to upload any file type. This meanst the ability of uploading a .php-file that would execute on the server, and thereby allow execution of any code.

This was reported to us by several different researchers and seems to be a issue both talked about by many and, but also affecting a lot of different .

More information can be found here: http://www.vapidlabs.com/advisory.php?v=204

Spring Boot Actuator Revealing Heap Dump Route

Some configurations of Spring Boot causes an endpoint to disclose a heapdump. A heapdump is a copy of the memory of a server. Similar to when describing the nginx memory leak, this memory can contain a lot of sensitive information which should not be disclosed.
This is more a misconfiguration rather than an actual vulnerability in Spring Boot.

Documentation for this can be found here: https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-endpoints.html#production-ready-endpoints-exposing-endpoints

NGINX Alias Directory Listing

A common misconfiguration of alias used in Nginx web servers allows an attacker to disclose source code and files on the server. This was submitted through Detectify Crowdsource some time ago, and we’ve added several improvements of detections in the release.

More information about this vulnerability can be found here: https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md

Deprecated PHP

We utilize a lot of fingerprinting to make each scan as efficient as possible as well as making sure we run all relevant tests against all websites. We will now start to alert customers when the version of PHP in use is no longer supported.

Read more about this issue here: https://www.zdnet.com/article/around-62-of-all-internet-sites-will-run-an-unsupported-php-version-in-10-weeks/

Persistent XSS in Laravel setup

Previous versions of Laravel have a persistent XSS in the default setup. More information about this can be found in this detailed write-up by x1m, https://x1m.nl/posts/laravel-xss-vuln/.

 

Questions or comments on our latest security updates? Let us know in the section below.

Begin a scan for the latest vulnerabilities today. Start a free trial with Detectify here!

Already have an account? Login to check your assets.

Detectify is a continuous web scanner monitor service that can be set up for automated scanning for 1000+ known vulnerabilities including the OWASP Top 10. Check for the latest vulnerabilities!



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here