WhiteHat Discovers Serious Security Flaw Affecting All Web Servers Worldwide
Santa Clara, Calif., Jan. 20, 2003 — WhiteHat Security, Inc., a Santa Clara, California based company that specializes in Web Application Security, has discovered a serious security flaw affecting all web servers worldwide. After months of extensive research and testing, WhiteHat has found a way to exploit a flaw in the way all web servers communicate.
Using this vulnerability, an attacker could create a web site that steals, from every user who visits the page, the passwords used to access e-commerce sites, online banks, and web-based e-mail systems. The page could also be e-mailed to people to increase the number of people attacked.
“While researching this issue, we discovered that a vast majority of commercial web sites have this vulnerability,” stated Jeremiah Grossman, Founder and Chief Executive Officer of WhiteHat.
The vulnerability exploits a flaw in the TRACE method, which is used to debug web server connections. TRACE is a rarely used portion of the HTTP protocol but is turned on by default in all major web servers. Because it is part of the HTTP protocol specification, it is somewhat difficult to remove.
“If you want to be 100% compliant with RFC 2068, a document defining the standard behavior of the world wide web, you must include TRACE,” noted Lex Arquette, Chief Technology Officer of WhiteHat.
After discovering the vulnerability, WhiteHat attempted to find a way to mitigate the issue on web servers but found that no web servers had the ability to disable the TRACE command. WhiteHat found workarounds for these oversights, but some are not supported by the vendors.
“Hopefully an exposure of this severity will convince web server vendors that every feature should have an OFF switch,” adds Alastair Davie, iPlanet Systems Manager of a major international bank.
When Bob Rodger, IT Security Manager of a major international bank, was asked his thoughts on the discovery of the flaw, his reply was swift and precise: “In terms of significance, the term ‘pandemic’ springs to mind – it is feasible that the majority of web applications from web-mail to embedded applications on printers and routers may be affected. Thus, given the pervasive nature of this vulnerability, I see this as one of the most notable exploits since Code Red and Nimda.”
For technical information about this vulnerability please visit:
http://www.whitehatsec.com/news.html (direct link).
About WhiteHat
WhiteHat Security, Inc., is a privately held company headquartered in Santa Clara, CA, which offers a variety of information security products and services to assist corporations in tackling the increasingly complex area of web site security. WhiteHat’s group of leading computer security professionals is among the first to automate the analysis of vulnerabilities in individual web applications.