Bypassing The NEX WebOTX Products Vulnerability

News

Contributed by: Lauren Gerber
Date: July 8, 2009

	3 Vote 0	Bypassing The NEX WebOTX Products Vulnerability

Technology has, as we all know, advanced to extremely high degrees. Although technology has advanced to these high levels, it has not yet advanced enough to stop all the computer security vulnerabilities. If this will ever happen in the future only time will tell. Coming back to the present, I am here today to inform you of a vulnerability that has been reported in a variety of the NEC WebOTX products.

WebOTX provides its users with a broad range of functions. With regard to the web services specifications, WebOTX supports the following; SOAP, UDDI, WSDL, and XML.These are all extremely popular and are receiving vast amounts of attention. XML as you may or may not know, stands for Extensible Mark-up Language, and is classified as an extensible language due to the factor that it allows its users to actually define the mark up language. Microsoft Word is a good example of a text editor that makes use of XML. Some of the Microsoft Word files may include but are not limited to the following: ApplyTheme.exe, CUSTWIZ.EXE, finstall.dll, grammar.dll as well as hyph.dll.

This vulnerability is a direct result of a synchronization problem. This happens when the checking of IP addresses take place. This runs a very high risk of being exploited in order to bypass a filter value that extends the:"RemoteFilterValve".This may also result in malicious characters gaining access to various protected locations.

The products and versions which this vulnerability resides in:

WebOTX UDDI Registry version 1.1 through 2.1

WebOTX Web Edition version 4.x through 5.x

WebOTX Standard-J Edition version 4.x through 5.x

WebOTX Standard Edition version 4.x through 5.x

WebOTX Enterprise Edition version 4.x through 5.x

Table 1. The products and versions this vulnerability affects

This vulnerability has been rated as not critical, although it may be exploited by malicious characters in order to bypass particular security restrictions and gain access without any of the authorization which is generally required. You may be wondering what the solution to this vulnerability may be. The solution is for all users to apply the patches which are available. Another option is for users to contact the Vendor and find out any additional information that you may need to know with regards to this vulnerability. All the best of luck and until next time remember it is better to be safe than sorry.

Resources:
The advisory for this vulnerability.
What is WebOTX?
More info with regard to this vulnerability.
CVE of this vulnerability.

User Comments

Featured Videos

Optimize Startup

From: PC1News Videos

Added: November 11, 2008

Software Downloads

SpyHunter V.4

Free Spyhunter Scanner (Spyware/Trojan Detection). DETECT Spyware, Trojans, Worms, Viruses and malware on your PC absolutely FREE.

Download now

Registry Mechanic 8

Award Winning software, Fixes registry and improves computer performance. Created by a division of Symantec, this tool will scan your registry and find errors that can be later cleaned either individually or all together.

Download now

SpywareBlaster 4.1

The tool is used to prevent the installation of spyware and other potentially unwanted software. As soon as you download it, you will be able to protect your system.

Download now