Disposable mail security updates for 15 November – 10 minute mail

For continuous coverage, we push out major Disposable mail security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

 

WordPress limit-login-attempts XSS

This WordPress plugin logs the IP-address of users that has multiple failed login attempts. However, in place of recording the actual IP-address, it is possible to log the value of the X-Forwarded-For-header instead.

When the administrator of the WordPress installation later logs into the dashboard the log is visible to them without proper filtering. This means that it is possible to use an XSS-payload as header value. Additional reading.

Expect-CT / Invalid Directive

During a scan of a website we check for several headers that we think improves the security by having set. For some we warn where they are lacking, for others we only warn if it is set to a invalid value.

To the list of checked headers we have now added Expect-CT when it is invalid, as that was submitted to us by a Crowdsource community member. More information about the header.

Spring Boot Path Traversal

Path Traversal bugs have received more and more interest from the security community, which also has lead to more submissions from our Disposable mail Crowdsource white hat hackers. This one was added in the latest release.

One vulnerability leads to another…

After looking at Crowdsource submissions and keeping up with the security community in general, our development team also added security tests to check for CVE-2018-3760: Ruby on Rails Path Traversal and CVE-2018-1271: Spring Path Traversal. 

Spring Boot / Health Route Exposure

After the last security update that included submissions related to Spring Boot, our further exploration of this lead to us adding more endpoints that are commonly exposed over the internet.

 

Questions or comments on our latest security updates? Let us know in the section below.

Begin a scan for the latest vulnerabilities today. Start a free trial with Disposable mail here!

Already have an account? Login to check your assets.

Disposable mail is a continuous web scanner monitor service that can be set up for automated scanning for 1000+ known vulnerabilities including the OWASP Top 10. Check for the latest vulnerabilities!

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Disposable mail security updates for 13 December – 10 minute mail

For continuous coverage, we push out major Disposable mail security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

CVE-2018-14912: cgit Path Traversal

A vulnerability in cgit was recently made public by Google Project Zero. After getting it as a submission through Disposable mail Crowdsource we implemented it as a module. More information about the issue can be found here: https://bugs.chromium.org/p/project-zero/issues/detail?id=1627

 CVE-2018-5006: Adobe AEM SSRF via SalesforceSecretServlet

Adobe AEM, also called Adobe Experience Manager, has previously had a few known vulnerabilities. Frans Rosén, one of our security advisors, has done a presentation on this here: https://www.youtube.com/watch?v=_j9ZEIodMDs

However, a new SSRF was released recently, which in addition to all the other research has been implemented to the scanner.

Apache Hadoop RCE

Read more about the story around this vulnerability here: https://securityaffairs.co/wordpress/77565/malware/hadoop-zero-day-exploit-leaked.html

jQuery-File-Upload related vulnerabilities

The last of the three! See the following blog post: https://blog.detectify.com/2018/12/13/jquery-file-upload-a-tale-of-three-vulnerabilities/

 

 

A few of the other things implemented…

  • CVE-2018-9845: Etherpad Authentication Bypass https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9845
  • Exposed Docker configuration file
  • Header-Based SSRF
  • URL-based Authentication Bypass

Questions or comments on our latest security updates? Let us know in the section below.

Begin a scan for the latest vulnerabilities today. Start a free trial with Disposable mail here!

Already have an account? Login to check your assets.

Disposable mail is a continuous web scanner monitor service that can be set up for automated scanning for 1000+ known vulnerabilities including the OWASP Top 10. Check for the latest vulnerabilities!

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.