The ADC announced the discovery of a critical vulnerability in DWR (Direct Web Reporting) – a well known open source AJAX library that is incorporated into existing public Web sites. AJAX DWR includes two mechanisms that restrict access to sensitive functions (or “methods”). However, these mechanisms only affect client side code. Thus, an attacker can circumvent these restrictions using commonly available client tools (e.g. an HTTP client proxy) to manually manipulate browser requests. An exploit of this vulnerability can result in multiple damaging outcomes including data theft and denial of service.
January 3, 2007
Imperva Discovers Critical Vulnerability In AJAX Technology
Leave a Comment »
No comments yet.