Red Hat patches multiple web application Vulnerabilities

Red Hat has fixed multiple web application security issues that allowed hackers to extract the website's database using blind SQL injection. Red Hat also confirmed cross-site scripting and local file inclusion vulnerabilities on its website.
Mohamed Ramadan, security researcher and trainer at Attack-Secure, told 'The Hacker News' that he reported 3 flaws to the company last year and that they finally confirmed and patched them in January 2013.
Blind SQL injection is identical to normal SQL injection except that when an attacker attempts to exploit an application, rather than getting a useful error message, they get a generic page specified by the developer instead. This makes exploiting a potential SQL injection flaw more difficult but not impossible.
Local file inclusion is a vulnerability that allows the attacker to read files that are stored locally on the server through the web application. This happens because the code of the application does not properly sanitize the input passed to the include() function.
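The include() problem described above, as an added example (not from the original article and not Red Hat's code): a hypothetical PHP page loader shown first in its vulnerable form, then with an allowlist and a resolved-path check. The function names, the pages directory and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical page loader, not code from any real site.

// Vulnerable pattern (shown for contrast, never called here): the request
// parameter flows straight into include(), so the caller decides which
// local file the server reads.
function render_page_vulnerable(string $page): void
{
    include __DIR__ . '/pages/' . $page;
}

// Hardened form: accept only names on a fixed allowlist, then confirm the
// resolved path still sits inside the pages directory.
function resolve_page(string $page, string $baseDir, array $allowed): ?string
{
    if (!in_array($page, $allowed, true)) {
        return null;                    // unknown name: reject outright
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $page . '.php');
    if ($base === false || $path === false) {
        return null;                    // directory or file does not exist
    }
    // Defence in depth: catches symlinks that point outside $baseDir.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a throwaway pages directory and sample inputs.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
mkdir($baseDir);
file_put_contents($baseDir . DIRECTORY_SEPARATOR . 'home.php', '<p>home</p>');
$allowed = ['home', 'about'];

foreach (['home', 'about', '../config', 'home.php'] as $input) {
    $path = resolve_page($input, $baseDir, $allowed);
    $result = $path === null ? 'rejected' : 'include ' . basename($path);
    printf("%-12s => %s\n", $input, $result);
}

unlink($baseDir . DIRECTORY_SEPARATOR . 'home.php');
rmdir($baseDir);
```

The allowlist is the primary control. The realpath() prefix comparison only covers the case where an allowed name resolves somewhere unexpected.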
Technical details about the vulnerable URLs are not available at the moment. Mohamed was recently acknowledged by Facebook and Etsy for reporting serious vulnerabilities in their mobile apps. Red Hat also lists him on its website under WhiteHat hackers.