HP ArcSight Enterprise Security Products exposure to high-risk security vulnerabilities-vulnerability warning-the black bar safety net

2015-03-20T00:00:00
ID MYHACK58:62201560149
Type myhack58
Reporter 佚名
Modified 2015-03-20T00:00:00

Description

On Tuesday, the United States Carnegie Mellon University computer Emergency Response Team CERT Coordination Center issued a notice, the Polish security researcher Julian Horoszkiewicz in HP ArcSight series products found***5 security vulnerabilitiesthe.*

Vulnerability: upload arbitrary file

Authentication the attacker can use ArcSight logger on the vulnerability, the remote upload any file to the victim system. This makes the attacker to be in with app permissions on the server to execute a malicious script. The product of the configured input function does not filter the file name, so an attacker can upload any file operation.

Vulnerability two: content tampering

Authentication the attacker can tamper with system resources and parsing. The reason for the existence of this problem is because the recorder will allow all users to access certain configuration features, such as input, search and content management capabilities, of course, the attacker also can, just take the opportunity to drill this empty。

Vulnerability three: external entity injection

Horoszkiewicz also found that the recorder input content portion of the XML parser is vulnerable to XML external entity injection attack, the attacker will use this vulnerability in the victim server to execute arbitrary script.

HP ArcSight product on vulnerability there are two main types: one is cross-site scriptXSS vulnerability; another is cross-site request forgery(CSRF)vulnerabilities. An attacker can use cross site scriptXSS vulnerability to damage or modify system rules and resources, the use of cross-site request forgery(CSRF)vulnerability tamper data on the system. An attacker could exploit these vulnerabilities to trick the victim to visit a crafted malicious link, as would be caused by the extent of the damage, this is going to depend on the victim's permission.

[1] [2] next