Detectify
Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up to date with new findings, features and improvements sourced from our security researchers. Due to confidentiality agreements, we cannot publicize every security update release here, but all of them are immediately added to our scanner and available to all users.
The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.
We added these tests to the Detectify scanner from August 31 – September 4.
JFrog Artifactory is vulnerable to administrator account takeover. By supplying the HTTP header ‘X-Forwarded-For’ with a localhost value, it is possible to bypass Artifactory’s whitelist of allowed IP addresses. This vulnerability is exploitable in most configurations, including when an external SSO provider, such as Okta or OneLogin, is used.
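The root cause behind the Artifactory finding above is an allow-list that believes X-Forwarded-For from any client. As an added illustration (not Detectify's or JFrog's code), here is that naive lookup beside a hardened version that only honours the header when the connection comes from one of its own reverse proxies; the allow-list, proxy range, function names and sample requests are assumptions.

```python
import ipaddress

# Constructed example values (assumptions, not from Artifactory's configuration).
ALLOWED = [ipaddress.ip_network("127.0.0.1/32"), ipaddress.ip_network("10.0.0.0/8")]
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/24")]  # our own reverse proxies


def naive_client_ip(peer_ip, headers):
    """Vulnerable pattern: the first X-Forwarded-For value wins, whoever sent it."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return peer_ip


def hardened_client_ip(peer_ip, headers):
    """Honour X-Forwarded-For only when the TCP peer is one of our proxies,
    and then use the address that proxy appended (the right-most entry);
    anything to its left was supplied by the client and is untrusted."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return peer_ip  # direct connection: the socket address is the truth
    xff = headers.get("X-Forwarded-For")
    if not xff:
        return peer_ip
    return xff.split(",")[-1].strip()


def is_allowed(client_ip):
    """Allow-list check; malformed addresses are denied rather than guessed."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED)


# Constructed request: an external client spoofing the header as localhost.
SPOOFED = ("203.0.113.5", {"X-Forwarded-For": "127.0.0.1"})
# Constructed request: the same client arriving through a trusted proxy,
# which appended the real source address after the client-supplied value.
VIA_PROXY = ("192.0.2.10", {"X-Forwarded-For": "127.0.0.1, 203.0.113.5"})

if __name__ == "__main__":
    for label, (peer, hdrs) in (("spoofed", SPOOFED), ("via proxy", VIA_PROXY)):
        print(label, "naive:", is_allowed(naive_client_ip(peer, hdrs)),
              "hardened:", is_allowed(hardened_client_ip(peer, hdrs)))
```

The same split applies to any proxy header (X-Real-IP, Forwarded): decide who may set it before using it for authorization.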
This module exploits a directory traversal vulnerability in ResourceManager.java of Eclipse Mojarra 2.3.4. An attacker is able to abuse the `loc` parameter of the getLocalePrefix function to download configuration files or Java bytecode from applications.
We have released tests for several reported 0-days in Atlassian Jira, including XSS, XXE and RCE vulnerabilities.
This module checks for exposed Bitbucket pipeline configuration files. These files contain information used in the build and deploy stages of the affected system and can be leveraged for further attacks.
This module checks for files in the /_vti_pvt folder of Microsoft IIS sites. Old Microsoft IIS sites, and sites that have been upgraded from older versions, sometimes still contain files with metadata and other content-related information in the /_vti_pvt folder. These files should have been removed or restricted after the install/upgrade, as they contain sensitive information that should not be exposed.
This module searches for a reflected XSS vulnerability in a vBulletin test script (vb_test.php) that users can use to check if their server environment is suitable for vBulletin.
This module searches for exposed Nginx configuration files. These files contain information that can help attackers conduct further attacks against the application.
A Local File Inclusion vulnerability exists within the bispgraph.jsp file in Oracle E-Business Suite. Successful exploitation would allow an attacker to read sensitive files on the server.