Security issues raised about the servicedesk server during a security audit of our servers...
Hi all,
We recently have gone through a security audit that included a security scan. During the scan it was brought to our attention that the servicedesk server has two security vulnerabilities. Both of these vulnerabilities seem to be directly related to service desk.
Issue # 1 - Web Server Uses Plain-Text Form Based Authentication
THREAT:
The Web server uses plain-text form based authentication. A web page exists on the target host which uses an HTML login form. This data is sent from the client to the server in plain-text.
IMPACT:
An attacker with access to the network traffic to and from the target host may be able to obtain login credentials for other users by sniffing the network traffic.
SOLUTION:
Please contact the vendor of the hardware/software for a possible fix for the issue. For custom applications, ensure that data sent via HTML login forms is encrypted before being sent from the client to the host.
Issue # 2 - Apache Tomcat Multiple Content Length Headers Information Disclosure Vulnerability
THREAT:
This vulnerability exists in Apache Tomcat Versions 4, 5 and 6 when the server doesn't reject multiple content length header requests.
IMPACT:
When these kinds of requests are processed by firewalls, caches, proxies and Tomcat, they may result in Web cache poisoning, XSS attack and information disclosure.
SOLUTION:
Refer to this Apache Tomcat Web site for details about the latest versions.
Obviously issue #1 is code related and issue # 2 is a known vulnerability in version 5.0.28 of Apache.
So my question is, first, can issue #1 be looked at by development? And for issue #2, the only fix available is to upgrade to a later version of Apache. Any idea if this will ever happen?
Thanks.
-Nick
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090
http://tomcat.apache.org/security-5.html
http://www.securityfocus.com/bid/13873
Fixed in Apache Tomcat 5.5.23, 5.0.SVN
important: Information disclosure CVE-2005-2090
Requests with multiple content-length headers should be rejected as invalid. When multiple components (firewalls, caches, proxies and Tomcat) process a sequence of requests where one or more requests contain multiple content-length headers and several components do not reject the request and make different decisions as to which content-length header to use, an attacker can poison a web-cache, perform an XSS attack and obtain sensitive information from requests other than their own. Tomcat now returns 400 for requests with multiple content-length headers.
Affects: 5.0.0-5.0.30, 5.5.0-5.5.22
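The check the advisory describes (answer 400 instead of choosing one of several content-length headers) can be sketched as follows. This is an added example, not Tomcat's code and not part of the original post; the function names, the host name and the sample requests are constructed, and it goes slightly beyond the advisory by also refusing a comma-joined or non-numeric value and header lines that components may parse differently.

```python
import re

def parse_head(raw: bytes):
    """Split a raw HTTP/1.x request head into (request_line, [(name, value)])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    if any("\r" in l or "\n" in l for l in lines):
        raise ValueError("bare CR or LF in request head")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Folded lines and "Name : value" are read differently by different
        # components, so treat them as malformed instead of guessing.
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line")
        headers.append((name.lower(), value.strip()))
    return lines[0], headers

def check_framing(raw: bytes):
    """Return ("accept", body_length) or ("400", reason)."""
    try:
        _, headers = parse_head(raw)
    except ValueError as exc:
        return "400", str(exc)
    values = [v for n, v in headers if n == "content-length"]
    if len(values) > 1:
        # The case from the advisory: never pick one, always reject.
        return "400", "multiple Content-Length headers"
    if values and not re.fullmatch(r"[0-9]+", values[0]):
        # Covers "5, 44" (list folded into one header), "+5", "0x5" and "".
        return "400", "invalid Content-Length value"
    return "accept", int(values[0]) if values else 0

# Constructed sample requests (host and path are placeholders).
BASE = b"POST /login HTTP/1.1\r\nHost: servicedesk.example\r\n"
SAMPLES = {
    "single": BASE + b"Content-Length: 5\r\n\r\nhello",
    "duplicate": BASE + b"Content-Length: 5\r\ncontent-length: 44\r\n\r\nhello",
    "list": BASE + b"Content-Length: 5, 44\r\n\r\nhello",
    "spaced": BASE + b"Content-Length : 5\r\n\r\nhello",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_framing(raw))
```

Every component in the path (proxy, cache, application server) has to make the same reject decision; the ambiguity only disappears when none of them silently picks a value.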