
Thread: New SmartDefense Updates




2006-06-06 20:50:38
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

New SmartDefense Updates have been released today, June 6, 2006 for users
of VPN-1 NGX R61 & R60, VPN-1 NG with Application Intelligence R55W, R55 &
R54, users of InterSpect NGX & 2.0 and users of Connectra NGX R61.

A Log Manipulation vulnerability was reported in Microsoft ISA Server 2004.
ISA Server 2004 is an application-layer firewall, virtual private network
(VPN), and Web cache solution. When exploited, the vulnerability will
enable an attacker to manipulate the Destination Host parameter of the log
file. For more information, refer to CPAI-2006-061 at
http://www.checkpoint.com/defense/advisories/public/2006/cpai-03-Jun.html

A flaw has been identified in Web App Security Scanner tool. The flaw
specifically exists in the Expect header. Attackers can exploit this flaw
by appending malformed Expect headers in outgoing HTTP requests and
redirect users to Web sites of their choice. For more information, refer to
CPAI-006-060 at
http://www.checkpoint.com/defense/advisories/public/2006/cpai-31-Mayb.html

SAP Business Connector (SAP BC) is a B2B application that enables
communication between SAP applications (like SAP R/3) and non-SAP
applications. Several vulnerabilities have been reported in the SAP BC that
can allow for Phishing scams against the SAP BC administrator, disclosure
of sensitive information on the server and compromise of the server. For
more information, refer to CPAI-2006-059 at
http://www.checkpoint.com/defense/advisories/public/2006/cpai-31-Maya.html.

WhatsUp is a tool from Ipswitch that monitors application and network.
WhatsUp runs a custom web server for the application Web interface on port
8022. Multiple flaws have been identified in the server including XSS
vulnerabilities, page redirection via cross site scripting and header
spoofing attacks.
For more information, refer to CPAI-2006-058 at
http://www.checkpoint.com/defense/advisories/public/2006/cpai-28-May.html.

A vulnerability has been identified in osCommerce, an online shopping cart
application. The vulnerability can be exploited by attackers to manipulate
SQL queries. For more information, refer to CPAI-2006-057 at
http://www.checkpoint.com/defense/advisories/public/2006/cpai-31-May.html

Several vulnerabilities have been identified with Adobe Document Server for
Reader Extensions 6.0. These vulnerabilities could allow an attacker to
disclose sensitive information or conduct cross-site scripting attacks. For
more information, refer to CPAI-2006-056 at
http://www.checkpoint.com/defense/advisories/public/2006/cpai-28-Maya.html

Links to the recent SmartDefense Advisories are available at:

http://www.checkpoint.com/defense/advisories/public/summary.html

Read more about SmartDefense Service at:

http://www.checkpoint.com/defense/advisories/public/overview.html

To sign-up to the mailing list, send an email to
listservamadeus.us.checkpoint.com with the text "SUBSCRIBE
SMARTDEFENSE-NEWS" in the email body.

To unsubscribe from this list, send an email to
listservamadeus.us.checkpoint.com with the text "SIGNOFF
SMARTDEFENSE-NEWS" in the email body.

As always, please feel free to contact us directly if you have any comments
or questions (sda-infoCheckPoint.com).


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBRIXql1qiP0SjohCrEQIeoQCcDW2v/qkqP76kL7svrovxhdRtfxkA
n13F
4l/W752zsjhVR5DnJnb9fkY2
=+PIG
-----END PGP SIGNATURE-----