On Tuesday, the United States Carnegie Mellon University computer Emergency Response Team CERT Coordination Center issued a notice, the Polish security researcher Julian Horoszkiewicz in HP ArcSight series products found***5 security vulnerabilitiesthe.*
Vulnerability: upload arbitrary file
Authentication the attacker can use ArcSight logger on the vulnerability, the remote upload any file to the victim system. This makes the attacker to be in with app permissions on the server to execute a malicious script. The product of the configured input function does not filter the file name, so an attacker can upload any file operation.
Vulnerability two: content tampering
Authentication the attacker can tamper with system resources and parsing. The reason for the existence of this problem is because the recorder will allow all users to access certain configuration features, such as input, search and content management capabilities, of course, the attacker also can, just take the opportunity to drill this empty。
Vulnerability three: external entity injection
Horoszkiewicz also found that the recorder input content portion of the XML parser is vulnerable to XML external entity injection attack, the attacker will use this vulnerability in the victim server to execute arbitrary script.
HP ArcSight product on vulnerability there are two main types: one is cross-site scriptXSS vulnerability; another is cross-site request forgery（CSRF）vulnerabilities. An attacker can use cross site scriptXSS vulnerability to damage or modify system rules and resources, the use of cross-site request forgery（CSRF）vulnerability tamper data on the system. An attacker could exploit these vulnerabilities to trick the victim to visit a crafted malicious link, as would be caused by the extent of the damage, this is going to depend on the victim's permission.