[CERT-daily] Tageszusammenfassung - Donnerstag 21-11-2013

Thu Nov 21 18:15:09 CET 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 20-11-2013 18:00 − Donnerstag 21-11-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** EFF Scorecard Shows Crypto Leaders and Laggards ***
---------------------------------------------
The Electronic Frontier Foundation (EFF) released its Encrypt the Web Report demonstrating how much encryption leading Internet companies and service providers are deploying.
---------------------------------------------
http://threatpost.com/eff-scorecard-shows-crypto-leaders-and-laggards/102987


*** Tomcat-Wurm springt von Server zu Server ***
---------------------------------------------
Symantec hat einen Wurm entdeckt, der Apaches Java-Webserver infiziert und als Java-Servlet von Server zu Server springt. Infizierte Rechner werden als DDoS-Schleudern und Proxys missbraucht.
---------------------------------------------
http://www.heise.de/security/meldung/Tomcat-Wurm-springt-von-Server-zu-Server-2051469.html


*** Are large scale Man in The Middle attacks underway?, (Thu, Nov 21st) ***
---------------------------------------------
Renesys is reporting two separate incidents where they observed traffic for 1500 IP blocks being diverted for extended periods of time. They observed the traffic redirection for more than 2 months over the last year. Does it seem unusual for internet traffic between Ashburn Virginia (63.218.44.78) and Washington DC (63.234.113.110) to go through Russia to Belarus? That is exactly what they observed. Once traffic flows through your routers there are countless opportunities to capture and modify...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17075&rss


*** A look at security effectiveness by industry ***
---------------------------------------------
BitSight analyzed security ratings for over 70 Fortune 200 companies in four industries - energy, finance, retail and technology. The objective was to uncover quantifiable differences in security effectiveness and performance across industries from October 2012 through September 2013.
---------------------------------------------
http://www.net-security.org/secworld.php?id=15991


*** 5 Considerations For Post-Breach Security Analytics ***
---------------------------------------------
Preparing collection mechanisms ahead of time, preserving chain of custody on forensics data, and performing focused analysis all key in inspecting security data after a compromise
---------------------------------------------
http://www.darkreading.com/5-considerations-for-post-breach-securit/240164113


*** EMC Document Sciences xPression cross-site request forgery ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/89073


*** SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CORE-2013-003
Project: Drupal coreVersion: 6.x, 7.x
Date: 2013-November-20
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities
Description: Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7.Multiple vulnerabilities due to optimistic cross-site request forgery protection (Form API validation - Drupal 6 and 7)Drupals form API has built-in cross-site request forgery (CSRF) validation, and also allows any...
---------------------------------------------
https://drupal.org/SA-CORE-2013-003


*** SA-CONTRIB-2013-096 - Entity reference - Access bypass ***
*** SA-CONTRIB-2013-095 - Organic Groups - Access bypass ***
*** SA-CONTRIB-2013-094 - EU Cookie Compliance - Cross Site Scripting (XSS) ***
*** SA-CONTRIB-2013-093 - Invitation - Access Bypass ***
---------------------------------------------
https://drupal.org/node/2140237
https://drupal.org/node/2140217
https://drupal.org/node/2140123
https://drupal.org/node/2140097


*** Vuln: SAP NetWeaver SHSTI_UPLOAD_XML() Function XML External Entity Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63779


*** Vuln: SAP NetWeaver Logviewer Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/58615


*** Vuln: SAP NetWeaver SAP Portal URI Redirection Weakness ***
---------------------------------------------
http://www.securityfocus.com/bid/63783


*** Vuln: SAProuter NI Route Message Handling Heap Buffer Overflow Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/60054


*** Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Master Data Management - Collaborative Edition (CVE-2013-0478, CVE-2013-0477) ***
---------------------------------------------
IBM InfoSphere Master Data Management - Collaborative Edition versions 10.1, 10.0 and IBM InfoSphere Master Data Management Server for Product Information Management versions 9.1, 9.0, 6.0 are vulnerable to cross-site scripting and content spoofing.   CVE(s):  CVE-2013-0477, and CVE-2013-0478  Affected product(s) and affected version(s): IBM InfoSphere Master Data Management - Collaborative Edition Versions 10.1 and 10.0 IBM InfoSphere Master Data Management Server for Product Information...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_security_vulnerabilities_exist_in_ibm_infosphere_master_data_management_collaborative_edition_cve_2013_0478_cve_2013_04771?lang=en_us


*** SKIDATA RFID Freemotion.Gate Unauthenticated Web Service Aribtrary Remote Command Execution ***
---------------------------------------------
Title: SKIDATA RFID Freemotion.Gate Unauthenticated Web Service Aribtrary Remote Command Execution Product: Freemotion.Gate Vendor: SKIDATA, http://www.skidata.com/en/ Vulnerable Versions: 4.1.3.5 and likely all prior versions.
---------------------------------------------
http://www.keepingkidsonshred.com/2013/11/skidata-rfid-freemotiongate.html


*** Splunk Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55774


*** WHMCS "unserialize()" PHP Code Execution and Multiple Unspecified Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55717