Campsite Vulnerable to Remote Input Authentication Security Flaws
According to Internet security specialists, Campsite is vulnerable to a number of security flaws, including XSS (cross-site scripting) issues and local and remote file inclusion problems.
Campsite is an open source web publishing application that delivers written content through Internet sites. Media firms use the software to present online versions of their publications and other printed works. Further, it is the only open source program that adopts the same style that newspapers and magazines employ.
However, the software presently has several PHP (Hypertext Preprocessor) remote file-include flaws, which an attacker could exploit to acquire cookie-based authentication credentials and other sensitive details or to run malicious PHP code inside a user's Web browser. Apart from this, the attacker could capture other secret data.
The flaws might allow malicious users to obtain full control of unwary end-users' computers, along with potentially compromising any software. Furthermore, malicious users might exploit these problems through specific browsers. To exploit the XSS flaw, an attacker must first persuade the target user to visit a specially crafted website.
At present, Campsite 3.3.0 RC1 is known to be prone to the flaws; other versions might be vulnerable too. It is not known whether any patches are available. Users are therefore advised to update their software to the most recent editions.
In the meantime, the success of automated and targeted network attacks shows that a majority of organizations do not have adequate strategies to protect against vulnerabilities, in spite of the fact that 99% of the available attack code leverages familiar security flaws, according to the US-CERT.
Security specialists state that the amount of security data currently available is almost unmanageable. Moreover, the total number of freshly found security flaws is continuously increasing, whereas the time available for finding a solution is declining. Consequently, IT departments are compelled to re-evaluate their methods for safeguarding their company networks, the specialists note.
» SPAMfighter News - 29-07-2009