For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.
CGI Servlets are by disabled by default on a Tomcat installation. However, if one would enable this feature without having to disable enableCmdLineArguments it leads to RCE. This became public a few days ago and was quickly submitted by several Crowdsource researchers.
Confluence Widget Connector path traversal (CVE-2019-3396)
To quote the advisory:
There was a server-side template injection vulnerability in Confluence Server and Data Center, in the Widget Connector. An attacker is able to exploit this issue to achieve path traversal and remote code execution on systems that run a vulnerable version of Confluence Server or Data Center.
Backdoor / RCE in bootstrap-sass 188.8.131.52
A backdoor was discovered by Snyk in the gem bootstrap-sass. It makes it possible to send crafted cookies that are then decoded and executed as code.
Embedded Metadata in Office files
After receiving a Crowdsource submission about it we have improved the support for handling meta-data in files found during crawling, in this case Office documents. This data can show information about the authors or system it was created on that is not intended to be public.
Questions or comments on our latest security updates? Let us know in the section below.
Begin a scan for the latest vulnerabilities today. Start a free trial with Detectify here!
Already have an account? Log in to check your assets.