Detectify security updates for 18 April

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers. We added these tests to the Detectify scanner tool on 17 April.

Apache Tomcat RCE when “enableCmdLineArguments” is enabled on Windows (CVE-2019-0232)

CGI Servlets are by disabled by default on a Tomcat installation. However, if one would enable this feature without having to disable enableCmdLineArguments it leads to RCE. This became public a few days ago and was quickly submitted by several Crowdsource researchers.

Confluence Widget Connector path traversal (CVE-2019-3396)

To quote the advisory:

“There was a server-side template injection vulnerability in Confluence Server and Data Center, in the Widget Connector. An attacker is able to exploit this issue to achieve path traversal and remote code execution on systems that run a vulnerable version of Confluence Server or Data Center.”

More information here.

Backdoor / RCE in bootstrap-sass 3.2.0.3

A backdoor was discovered by Snyk in the gem bootstrap-sass. It makes it possible to send crafted cookies that are then decoded and executed as code.

More information about it.

Embedded Metadata in Office files

After receiving a Crowdsource submission about it we have improved the support for handling meta-data in files found during crawling, in this case Office documents. This data can show information about the authors or system it was created on that is not intended to be public.