Quantcast
Channel: MALWARELIST.net - Your Information Security Source » Cybersecurity threats 2015
Viewing all articles
Browse latest Browse all 6

Cybersecurity threats 2015: new security vulnerabilities has been found by security researchers

0
0

New security vulnerabilities 2015Several new security vulnerabilities of varying severity has been found by security researchers

Several new security vulnerabilities of varying severity has been found by security researchers:

  • System compromise in Android (high severity vulnerability)
  • Bypassing security restrictions on Apache Tomcat (middle severity vulnerability)
  • Multiple vulnerabilities in CMS Drupal (low severity vulnerability)
  • Compromising the system in Apple QuickTime for Windows (high severity vulnerability)

1. Operating-systems Android system-compromise

AndroidDanger level: High
Availability of correction: None
The number of vulnerabilities: 1

Vector of operation: Remote
Impact: System Compromise

Affected Products: Android 5.x
Affected versions: Android 5.x

Description:

The vulnerability allows a remote user to compromise a vulnerable system.

The vulnerability is caused due to an error in the component Android, associated with functional simultaneously run multiple applications. This can be exploited to compromise a vulnerable system.

More information about this vulnerability in Android on video below

Manufacturer URL: www.android.com

Solution: The way to eliminate the vulnerability does not exist at the moment.

Links: https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-ren-chuangang.pdf

2. Bypassing security restrictions on Apache Tomcat

Apache TomcatDanger level: Middle
Availability of fixes: Yes
The number of vulnerabilities: 1

CVE ID: CVE-2014-0227
Vector of operation: Remote
Impact: Bypassing security restrictions

Affected Products: Apache Tomcat 6.x, Apache Tomcat 7.x
Affected versions: Apache Tomcat 6.0.0 to 6.0.41, Apache Tomcat 7.0.0 to 7.0.54, Apache Tomcat 8.0.0-RC1 to 8.0.8

Description:

[CVE-2014-0227] The vulnerability allows a remote user to bypass certain security restrictions.
The vulnerability is caused due to an error in the processing of requests to the “java / org / apache / coyote / http11 / filters / ChunkedInputFilter.java”. This can be exploited to modify certain data or cause a denial of service.

Manufacturer URL: apache.org

Solution: Install the latest version from the manufacturer.

Links: http://tomcat.apache.org/security-7.html

3. Multiple vulnerabilities in Drupal

DrupalSecurity risk: Critical
Availability of fixes: Yes
The number of vulnerabilities: 5

Vector of operation: Remote
Impact: Cross-site scripting, Disclosure of sensitive data, Unauthorized modification of data

Affected Products: Drupal 6.x, Drupal 7.x
Affected versions: Drupal 6.x, Drupal 7.x

Description:

The vulnerability allows a remote user to SQL-injection.

1. The vulnerability is caused due to an error when processing the input data in the function “Drupal.ajax ()”. This can be exploited via a specially crafted link to execute arbitrary script code in a user’s browser session in context of an affected site.
2. The vulnerability is caused due to an error when processing the input data associated with the functional auto-fill fields. This can be exploited via a specially crafted link to execute arbitrary script code in a user’s browser session in context of an affected site.
3. The vulnerability is caused due to an unspecified error when processing the input data. A remote user can execute arbitrary commands in the application database.
4. The vulnerability is caused due to lack of authentication of HTTP requests. This can be exploited via a specially crafted link implement CSRF attack.
5. The vulnerability is due to improper distribution of privileges “access content” among users. This can be exploited to disclose the names of sensitive sites.

Manufacturer URL: drupal.org

Solution: Install the latest version from the manufacturer.

Links: https://www.drupal.org/SA-CORE-2015-003

4. Compromising the system in Apple QuickTime for Windows

Apple QuickTimeDanger level: High
Availability of fixes: Yes
The number of vulnerabilities: 2

CVE ID: CVE-2015-5785, CVE-2015-5786

Vector of operation: Remote
Impact: System Compromise

Affected Products: Apple QuickTime 7.x
Affected versions: Apple QuickTime for Windows versions prior to 7.7.8

Description:

The vulnerability allows a remote user to compromise a vulnerable system.

[CVE-2015-5785 and CVE-2015-5786] Multiple vulnerabilities are found in Apple QuickTime. The vulnerabilities is caused due to a memory corruption error when processing your media. A remote attacker could exploit the vulnerabilities by enticing a user to open a specially crafted media file.

Manufacturer URL: apple.com

Solution: Install the latest version from the manufacturer.

Links: https://support.apple.com/en-us/HT205046


 


Filed under: Vulnerabilities

Viewing all articles
Browse latest Browse all 6

Latest Images

Trending Articles





Latest Images