Security Flaws Impacting Oracle’s iPlanet Web Server Discovered By Researchers – Disposable mail news

Security researchers have disclosed two vulnerabilities in Oracle's iPlanet Web Server that could lead to sensitive data exposure and limited injection attacks.

Tracked as CVE-2020-9315 and CVE-2020-9314 and discovered by Nightwatch Cybersecurity on January 19, 2020, the two flaws reside in the web administration console of the enterprise web server.

The first, CVE-2020-9315, lets an unauthenticated remote attacker obtain read-only access to any page inside the administration console by substituting the admin GUI URL for the target page; no authentication check is applied.

This could leak sensitive information, including configuration data and encryption keys.

The second, CVE-2020-9314, can be exploited to inject external images into the console, which can then be used for phishing and social engineering attacks. It lies in the console's "productNameSrc" parameter.

An incomplete fix for CVE-2012-0516, an earlier XSS validation flaw in the same parameter, left it open to abuse in combination with the "productNameHeight" and "productNameWidth" parameters to inject images into the admin domain.
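The pattern behind the incomplete fix is worth seeing in code. The following is an added example written for this post, not iPlanet's code: a console page that builds an img tag from the three parameters. The parameter names come from the advisory; the rendering logic, the allow-listed image directory and the defaults are assumptions. The first function applies the "XSS fix" of HTML-escaping the values, which stops a script breaking out of the attribute but still emits any attacker-supplied URL verbatim. The second only accepts a relative path under the site's own image directory and integer dimensions.

```python
import html
from urllib.parse import urlsplit

# Assumed defaults and allow-list (constructed for this example).
DEFAULT_LOGO = "/images/productName.png"
ALLOWED_LOGO_DIR = "/images/"


def render_logo_escaped_only(params):
    """The incomplete-fix pattern: HTML-escape each value so a payload cannot
    break out of the attribute, but accept any URL. An external image URL is
    still rendered, so the page can be made to show attacker-chosen content."""
    src = html.escape(params.get("productNameSrc", DEFAULT_LOGO), quote=True)
    width = html.escape(params.get("productNameWidth", "200"), quote=True)
    height = html.escape(params.get("productNameHeight", "50"), quote=True)
    return f'<img src="{src}" width="{width}" height="{height}">'


def _safe_logo_path(value):
    """Return the path if it is a plain relative path under ALLOWED_LOGO_DIR.
    Rejects any scheme (http:, javascript:), any authority (//evil.example),
    backslashes (browsers treat them as slashes) and '..' traversal."""
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        return None
    path = parts.path
    if "\\" in path or ".." in path.split("/"):
        return None
    if not path.startswith(ALLOWED_LOGO_DIR):
        return None
    return path


def _safe_dimension(value, default, limit=1024):
    """Accept only a positive integer up to `limit`; otherwise use the default."""
    if not value.isdigit():
        return default
    n = int(value)
    return n if 1 <= n <= limit else default


def render_logo_validated(params):
    """Hardened rendering: validate the source and dimensions, then escape."""
    src = _safe_logo_path(params.get("productNameSrc", DEFAULT_LOGO)) or DEFAULT_LOGO
    width = _safe_dimension(params.get("productNameWidth", "200"), 200)
    height = _safe_dimension(params.get("productNameHeight", "50"), 50)
    return f'<img src="{html.escape(src, quote=True)}" width="{width}" height="{height}">'
```

Escaping is the right tool against markup injection, but it says nothing about where a URL points; that needs a separate allow-list check, which is what the 2012 fix left out.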

Both vulnerabilities affect Oracle iPlanet Web Server 7.0.x, which is no longer supported.

It is not yet clear whether earlier versions are also affected. According to the researchers, the latest releases of Oracle GlassFish and Eclipse GlassFish share common code with iPlanet but do not appear to be vulnerable.

“Since Oracle no longer supports Oracle iPlanet Web Server 7.0.x, the policy is that there is no coordinated disclosure involving Oracle,” concludes the report published by Nightwatch Cybersecurity. “Reporters who discover security vulnerabilities in products that Oracle no longer supports are free to disclose vulnerability details without Oracle participation.”

The disclosure timeline for the two issues:

2020-01-19: Initial discovery 

2020-01-24: Initial disclosure sent to the vendor; rejected since the product is not supported 

2020-01-24: Clarification questions sent to the vendor 

2020-01-27: Report again rejected by vendor; referred to MITRE for CVE assignment 

2020-01-29: CVEs requested from MITRE 

2020-02-07: Initial report sent to CERT/CC 

2020-02-17: CVE request rejected by MITRE, resubmitted with more data 

2020-02-18: Response received from CERT/CC 

2020-02-20: CVE assignments received from MITRE 

2020-02-20: CVEs and disclosure plans communicated to the vendor 

2020-05-10: Public disclosure


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

HACKED- Windows 10, macOS, Adobe, VMware, Apple and Oracle at The Pwn2Own 2020! – Disposable mail news

Pwn2Own is a well-known hacking contest held once a year at the CanSecWest security conference. Contestants attempt to exploit widely used software and mobile devices using previously unknown vulnerabilities.

Even the Coronavirus pandemic did not dampen the spirits of the Pwn2Own 2020 competition, which has completed its first two days.

On Day 1, participating researchers earned over $180,000 in total for exploiting Windows 10, Ubuntu Desktop and macOS, according to sources.

Reportedly, a "team from the Georgia Tech Systems Software and Security Lab succeeded in exploiting a kernel privilege escalation to execute code on macOS", starting from Safari. The attack chain, which earned the team $70,000, comprised six vulnerabilities.

Per the event page (thezdi.com), Georgia Tech employed a “6 bug chain to pop calc and escalate to root”.

Team Fluoroacetate, winners of several previous editions of the contest, earned $40,000 with a "local privilege escalation exploit" targeting Windows 10.

Reports mention that one of the two members of that team also earned a further $40,000 for another privilege escalation exploit against Windows 10.

As per sources, the RedRocket CTF team also scored a win: member Manfred Paul earned $30,000 for a local privilege escalation exploit against Ubuntu Desktop, which abused an improper input validation bug.

On Day 2, Fluoroacetate successfully targeted Adobe Reader with a local privilege escalation using a pair of use-after-free (UAF) bugs, earning $50,000, sources said.

Per reports, the Synacktiv team targeted VMware Workstation but could not get their exploit working within the allotted time. The Zero Day Initiative also ran special demonstrations against Oracle VirtualBox.

This was the first time the organizers allowed "conditional remote participation" in Pwn2Own, a response to concerns about travelling during the Coronavirus outbreak.



Disposable mail security updates for 23 January – 10 minute mail

For continuous coverage, we push out major Disposable mail security updates every two weeks, keeping our tool up to date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

CVE-2019-2413: Oracle Reports Reflected XSS
One of the endpoints in Oracle Reports reflects the requested URL into the response without proper output encoding, which leads to a reflected XSS vulnerability.

CVE-2018-5006: Adobe AEM SSRF via ReportingServicesProxyServlet
CVE-2018-12809 is an SSRF vulnerability in Adobe AEM. The response to the server-side request is returned to the attacker, so it can be used, for example, to query the instance metadata service when AEM runs in AWS. Read more about SSRF here.
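The defence a proxying servlet like the one named above needs is a check on where the request will actually go, not just on the URL string. The following is an added example for this post, not Adobe's code: it resolves the target host and refuses anything that is loopback, link-local (169.254.169.254 is the AWS instance metadata service), private or otherwise non-public, including IPv4-mapped IPv6 forms of those addresses. The network list and the resolver hook are assumptions; the hostnames in the test are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Address ranges a server-side fetcher should never be allowed to reach.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def _default_resolver(host):
    """Resolve a hostname to the set of addresses it currently maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_public_address(ip_text):
    """True if the address is outside every blocked range. IPv4-mapped IPv6
    (::ffff:169.254.169.254) is unwrapped first so it cannot slip past."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return not any(ip in net for net in BLOCKED_NETWORKS)


def is_safe_proxy_target(url, resolver=_default_resolver):
    """True only for http(s) URLs whose every resolved address is public.
    `resolver` is injectable so the check can be tested without DNS."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    if parts.username or parts.password:      # http://allowed@evil.example tricks
        return False
    host = parts.hostname
    try:
        # Literal IP: normalise it. Odd forms such as "2130706433" or "127.1"
        # fail here and fall through to the resolver, whose answer is checked.
        addrs = {str(ipaddress.ip_address(host))}
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError:
            return False
    return bool(addrs) and all(is_public_address(a) for a in addrs)
```

Checking the resolved addresses rather than the hostname closes the obvious bypass of pointing a DNS name at 169.254.169.254. It still leaves a resolve-then-connect window for DNS rebinding, so in a real fetcher connect to the address you validated rather than re-resolving the name, and follow redirects only through the same check.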

CVE-2017-12637: SAP NetWeaver Directory Traversal
The flaw makes it possible to read the content of files hosted locally on the server. More information about the vulnerability type can be found here.

Adobe AEM CQ Content-Finder XSS
A response that is supposed to be JSON can be made to be served as HTML instead, so user-controlled content in it is interpreted by the browser, which leads to an XSS vulnerability.

Oracle Reports Diagnostic Endpoint Exposure
Oracle Reports exposes an endpoint intended for diagnostic information. It gives an attacker details about the system that were supposed to be kept internal.

WGET HSTS List Exposure
When wget is run, it records the HSTS information of the hosts it has downloaded from in a file (~/.wget-hsts by default). This file is sometimes accidentally made publicly available, revealing the hostnames the server's operator has fetched from.

Exposure of /.lesshst
.lesshst is the history file written by the less command, holding previous search strings and the shell commands run from inside less. Like the issue above, this file is sometimes made publicly available.
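Both of the dotfile findings above come with a false-positive problem (a soft 404 that returns 200 for any path) and a triage question (what does the leaked file actually reveal). The following added example, which is not the scanner's own code, handles both for the two files: it parses the format GNU Wget and less write, returns nothing for content that is not really that file, and pulls out the useful part, the hostnames from .wget-hsts and the shell commands from .lesshst. The two sample files are constructed for this example; the field layout is what current wget and less produce, so check it against your own ~/.wget-hsts and ~/.lesshst.

```python
# Constructed sample of a wget HSTS database (not from any real host).
SAMPLE_WGET_HSTS = """# HSTS 1.0 Known Hosts database for GNU Wget.
# Edit at your own risk.
# <hostname>\t<port>\t<incl. subdomains>\t<created>\t<max-age>
intranet.example\t0\t1\t1578000000\t31536000
staging-api.example\t8443\t0\t1579000000\t604800
"""

# Constructed sample of a less history file: search strings, then commands
# run with '!' inside less, each entry prefixed with a double quote.
SAMPLE_LESSHST = """.less-history-file:
.search
"password
"BEGIN RSA
.shell
"cat /etc/app/secrets.env
"psql -U admin -h db.internal.example
"""


def parse_wget_hsts(text):
    """Return the HSTS entries as dicts, or [] if text is not a wget HSTS file."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("# HSTS 1.0 Known Hosts database for GNU Wget"):
        return []
    entries = []
    for line in lines[1:]:
        if line.startswith("#") or not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 5:
            continue
        host, port, subdomains, created, max_age = fields
        try:
            entries.append({
                "host": host,
                "port": int(port),                    # 0 means the default port
                "include_subdomains": subdomains == "1",
                "created": int(created),
                "max_age": int(max_age),
            })
        except ValueError:
            continue                                  # malformed row, skip it
    return entries


def parse_lesshst(text):
    """Return {'search': [...], 'shell': [...]}, or {} if not a less history file."""
    lines = text.splitlines()
    if not lines or lines[0] != ".less-history-file:":
        return {}
    history = {"search": [], "shell": []}
    section = None
    for line in lines[1:]:
        if line in (".search", ".shell"):
            section = line[1:]
        elif line.startswith('"') and section:
            history[section].append(line[1:])
    return history


def assess_exposure(path, body):
    """Classify a fetched dotfile body. Returns (finding, detail) only when the
    body really is the file in question, so soft 404s do not become findings."""
    if path.endswith(".wget-hsts"):
        entries = parse_wget_hsts(body)
        if entries:
            return ("wget-hsts", sorted(e["host"] for e in entries))
    elif path.endswith(".lesshst"):
        history = parse_lesshst(body)
        if history:
            return ("lesshst", history["shell"])
    return None
```

The shell section of .lesshst is the part to look at first: commands typed after "!" in less often carry database hosts, credentials on the command line or paths to secret files, which makes the exposure more serious than a plain history leak.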

WordPress newsletter Open Redirect
An open redirect vulnerability in a popular WordPress plugin used for newsletter subscription management.

WordPress wordfence Configuration Disclosure
A Wordfence configuration file is sometimes made publicly available, which reveals that Wordfence is in use. This is not very sensitive in itself, but it gives an attacker more information about the system.

Questions or comments on our latest security updates? Let us know in the section below.

Begin a scan for the latest vulnerabilities today. Start a free trial with Disposable mail here!

Already have an account? Login to check your assets.

Disposable mail is a continuous web scanner monitor service that can be set up for automated scanning for 1000+ known vulnerabilities including the OWASP Top 10. Check for the latest vulnerabilities!


Disposable mail security updates for 20 February – 10 minute mail


CVE-2017-3528: Oracle E-Business Suite Open Redirect
Oracle E-Business Suite has a known open redirect issue: a redirect parameter accepts any domain as its target.
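Both this finding and the WordPress newsletter plugin open redirect in the previous update come down to the same missing check on a redirect target. The following is an added example for this post, not code from either product: a validator that accepts only same-site relative paths or absolute http(s) URLs whose host is on an allow-list, and rejects the usual bypass forms (scheme-relative "//evil", "https:evil", userinfo tricks, backslashes, subdomain look-alikes). The allowed hosts in the test are constructed.

```python
from urllib.parse import urlsplit


def is_safe_redirect(target, allowed_hosts):
    """Return True only if `target` is a local path or an http(s) URL to an
    allow-listed host. Everything else, including anything ambiguous, is
    rejected; the caller should then fall back to a fixed default page."""
    if not target or "\r" in target or "\n" in target:   # header injection
        return False
    if "\\" in target:          # browsers treat '\' as '/' in http URLs: /\evil.example
        return False
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        # A relative path: must start with exactly one '/', since '//host'
        # is scheme-relative and would leave the site.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):             # javascript:, data:, //host
        return False
    if parts.username or parts.password:                  # https://www.example@evil.example
        return False
    # .hostname is lower-cased and stripped of the port; "https:evil.example"
    # parses with no netloc, so hostname is None and fails the allow-list.
    return parts.hostname in allowed_hosts


def redirect_target(requested, allowed_hosts, default="/"):
    """What the redirect handler should actually send in the Location header."""
    return requested if is_safe_redirect(requested, allowed_hosts) else default
```

An exact-match allow-list of hostnames is deliberately used instead of a suffix check: "endswith('example.com')" also matches "notexample.com", and a startswith check matches "www.example.com.evil.example".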

CVE-2016-3436: Oracle E-Business Suite XSS
More information about this module can be found here: https://nvd.nist.gov/vuln/detail/CVE-2016-3436

CruiseControl CI / Open Access
CruiseControl is an old CI tool. It has been found that it is commonly configured to be exposed openly on the internet.

FinalBuilder Stack Trace Disclosure
The FinalBuilder CI server can be forced to generate an error message containing a stack trace by sending a crafted request. This is a minor information leak.

Joomla! jmultiplehotelreservation SQL Injection
Version 6.0.7 and below of the extension have a known SQL injection vulnerability. Read more: https://www.exploit-db.com/exploits/46232

MongoDB Exposure
MongoDB can be configured to expose an HTTP status interface (served on port 28017 in older releases; it was deprecated in 3.2 and removed in 3.6). If this is done insecurely, it risks exposing the database to anyone on the internet.

