Indusface Product Newsletter - March 2022

Rama Sadhu Updated by Rama Sadhu

March 2022 Edition

Learn about the recent launches and updates to the product.

------------------------------------------------------------------------------------------

AppTrana Updates

Automatic Scan Scheduling

  1. We have added the Scan schedule option to the Detect page. The scan will be automatically started at the scheduled time.
  2. The user can cancel the scheduled scan before the scan gets started.
  3. The stop option is provided for the running scan.
  4. The last 5 scan details will be available, and the user can select any scan detail from the dropdown to view the details.
  5. Rule visibility option will be enabled for All Users for newly registered customers.

Executive Dashboard

  1. It provides executives with an easy-to-use dashboard that gives the summary of the account while providing all the necessary information to make decisions.
  2. Note - All the data in the executive dashboard will be shown for active sites in the account.
  3. Please find the dashboard’s screenshot below with dummy data -

Sig Dev Labs

The following signatures are added to the Scanner to identify the new vulnerabilities.

  1. SQL Injection - SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution
  2. Apache Range DoS (Denial of Service) – The byte range filter in the Apache HTTP Server 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, exploit called "Apache Killer".
  3. XSS and HTML Injection - HTML injection is a type of injection vulnerability that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page. This vulnerability can have many consequences, like disclosure of a user’s session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims.
  4. HTML Form Without CSRF (Cross-Site Request Forgery) Protection - An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web application.
  5. Apache Server ETag Header Information Disclosure vulnerability - ETag header providing sensitive information that could aid an attacker, such as the inode number of requested files.

WAF Rule Updates

  1. Apache Http Server Path Traversal Vulnerability
  • A new rule has been written to prevent path traversal attack.
  • The Apache Http Server Path Traversal Vulnerability is a vulnerability that has been discovered in Apache HTTP Server, which could allow for a path traversal attack. Apache HTTP Server is an open-source, cross-platform web server for Unix and Windows. Successful exploitation allows threat actors to map URLs to files outside the expected document root by launching a path traversal attack and would give a remote attacker access to arbitrary files outside of the document root on the vulnerable web server. Additionally, exploits of this flaw may lead to the leaking of the source of interpreted files such as CGI scripts.
  • Systems Affected:

-Apache HTTP Server 2.4.49

-Apache HTTP Server 2.4.50

  1. Microsoft Exchange .NET Deserialization RCE Vulnerability
  • From the advisory of Microsoft, it stated that this CVE-2021-42321 is a post-auth RCE vulnerability
  • Exchange that affects on-premises servers running Microsoft Exchange 2016 and 2019, including those using Exchange Hybrid mode.
  • This exploit enables authenticated threat actors to execute code remotely on vulnerable servers and launch an attack.

  1. Apache Log4j RCE Vulnerability CVE-2021-44228
  • Log4j 2 is a logging library used in many Java applications and services. The library is part of the Apache Software Foundation’s Apache Logging Services project. A remote code execution vulnerability exists in Apache Log4j2 <=2.14.1 JNDI features where configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints.
  • An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when the message lookup substitution is enabled. This vulnerability is also known as “Log4Shell”.

How did we do?

Indusface Product Newsletter - June 20

Indusface Product Newsletter - October 19

Contact

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.