Application Security

Drupal Code Execution Vulnerability Analysis

March 30, 2018 | Adeline Zhang

Recently, Drupal, a popular open-source content management framework, is found to contain a highly critical remote code execution vulnerability, which allows attackers to execute malicious code on a Drupal site, resulting in the site being completely compromised. This vulnerability is assigned CVE-2018-7600. The root cause of this vulnerability is related with Drupal’s rendering of forms: […]

Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485)

January 25, 2018 | Adeline Zhang

At the beginning of 2018, jackson-databind was reported to contain another remote code execution (RCE) vulnerability (CVE-2017-17485) that affects versions 2.9.3 and earlier, and earlier, and 2.8.10 and earlier. This vulnerability is caused by jackson-dababind’s incomplete blacklist. An application that uses jackson-databind will become vulnerable when the enableDefaultTyping method is called via the ObjectMapper […]

Technical Analysis and Recommended Solution of GoAhead httpd/2.5 to 3.5 LD_PRELOAD Remote Code Execution Vulnerability (CVE-2017-17562)

January 5, 2018 | Adeline Zhang

A remote RCE vulnerability (CVE-2017-17562) was found in all GoAhead Web Server’s versions earlier than 3.6.5. The vulnerability is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters, and will affect all users who have CGI support enabled with dynamically linked executables (CGI scripts). This behavior, when combined with […]

Technical Analysis and Solution of WebLogic Server (WLS) Component Vulnerability

December 25, 2017 | Adeline Zhang

Overview Recently, NSFOCUS has received a slew of reports from customers in the finance, telecom, and Internet sectors on similar security events. Through analysis, NSFOCUS believes that these events are all associated with the malware-infected WebLogic Server (WLS) host. Specifically, attackers exploit the WLS component vulnerability (CVE-2017-10271) to attack the WLS middleware host via a […]

A Step Further — Demystifying XSS

October 17, 2017 | Adeline Zhang

Here is a comprehensive tutorial on cross-site scripting (XSS) attacks, ranging from entry to practice. Overview Note that XSS attacks are classified according to different angles in the preceding figure, but not simply classified into reflective XSS, stored XSS, and DOM-based XSS. In essence, XSS is injection of HTML code and JavaScript code. This kind […]

Analysis and Solution of Spring Data REST Server PATCH Request RCE Vulnerability

October 11, 2017 | Adeline Zhang

  Overview Recently, Pivotal released a security advisory to reveal the Spring Data REST server is prone to a remote code execution vulnerability (CVE-2017-8046) when processing PATCH requests. Attackers could exploit this vulnerability by sending a crafted PATCH request to the Spring Data REST server. The submitted JSON data contains a SPEL expression, which could […]

Struts 2 S2-052 REST Plug-in Remote Code Execution Vulnerability Analysis

September 8, 2017 | Adeline Zhang

Overview On September 5, 2017, Apache Struts released the latest security bulletin announcing that the REST plug-in in Apache Struts 2.5.x and some 2.x versions is prone to a high-risk remote code execution vulnerability, which has been assigned CVE-2017-9805 (S2-052). When using an XStream handler with an instance of XStream for deserialization, the REST plug-in […]

Shamoon 2: Back On the Prowl

February 8, 2017 | Devika Jain

Authors: Stephen Gates, Chief Research Intelligence Analyst & Cody Mercer, Senior Intelligence Threat Researcher Overview From reports in late January 2017, the Shamoon malware is back. Shamoon wipes the disks of computers infected with the malware. Apparently a new Shamoon variant prompted Saudi Arabia telecoms authority to issue a warning on Monday, January 23, 2017 for […]