Detectify security updates for 13 December

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers. We added these tests to the Detectify scanner tool on 13 December.

CVE-2018-14912: cgit Path Traversal

A vulnerability in cgit was recently made public by Google Project Zero. After getting it as a submission through Detectify Crowdsource we implemented it as a module. More information about the issue can be found here: https://bugs.chromium.org/p/project-zero/issues/detail?id=1627

CVE-2018-5006: Adobe AEM SSRF via SalesforceSecretServlet

Adobe AEM, also called Adobe Experience Manager, has previously had a few known vulnerabilities. Frans Rosén, one of our security advisors, has done a presentation on this here: https://www.youtube.com/watch?v=_j9ZEIodMDs

However, a new SSRF was released recently, which in addition to all the other research has been implemented to the scanner.

Apache Hadoop RCE

Read more about the story around this vulnerability here: https://securityaffairs.co/wordpress/77565/malware/hadoop-zero-day-exploit-leaked.html

jQuery-File-Upload related vulnerabilities

The last of the three! See the following blog post: https://blog.detectify.com/2018/12/13/jquery-file-upload-a-tale-of-three-vulnerabilities/

A few of the other things implemented…

• CVE-2018-9845: Etherpad Authentication Bypass https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9845
• Exposed Docker configuration file
• Header-Based SSRF
• URL-based Authentication Bypass