Product update: Dynamic API Scanning, Recommendations & Classifications, and more
We know the importance of staying ahead of threats. At Detectify, we’re committed to providing you with the tools you need to secure your applications …
Detectify security updates for 23 January
Detectify
For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.
The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers. We added these tests to the Detectify scanner tool on 23 January.
CVE-2019-2413: Oracle Reports Reflected XSS
One of the endpoints in Oracle Reports reflects the requested URL, which leads to a XSS-vulnerability.
CVE-2018-5006: Adobe AEM SSRF via ReportingServicesProxyServlet
CVE-2018-12809 is a SSRF vulnerability in Adobe AEM. It is possible to see the content of the request, and thus eg. query meta-data if it runs within AWS. Read more about SSRF here.
CVE-2017-12637: SAP NetWeaver Directory Traversal
It is possible to read the content of locally hosted files. More information about the vulnerability type can be found here.
Adobe AEM CQ Content-Finder XSS
It is possible to get a response that is supposed to be JSON to instead be sent as HTML, which then leads to a XSS-vulnerability.
Oracle Reports Diagnostic Endpoint Exposure
Oracle Reports has a endpoint used for diagnostic information. This gives the attacker information about a system that is supposed to be kept internal.
WGET HSTS List Exposure
When running the WGET-command a file is creating containing information about the HSTS-information from the downloaded links. This file is sometimes accidentally made publicly available.
Exposure of /.lesshst
.lesshst is a file containing history from the command less. Similar to the issue above, this file is sometimes made publicly available.
WordPress newsletter Open Redirect
A open redirect-vulnerability in a popular WordPress Plugin that is used for newsletter subscription management.
WordPress wordfence Configuration Disclosure
A configuration file for Wordfence is sometimes made publicly available, which would disclose that Wordfence is used. This is not very sensitive, but gives an attacker more information about a system.
Check out more content
Infinite payloads? The future of API Testing with dynamic fuzzing
What if we told you that our newly released API Scanner has 922 quintillion payloads for a single type of vulnerability test? A quintillion is …
