Ajax Security Flaw Could Compromise Applications


Security vendor Imperva has identified a vulnerability in Ajax, which it says an attacker could use to compromise an application based on the Web scripting components known collectively as Ajax (asynchronous JavaScript and XML).

The vulnerability in the Direct Web Reporting component of the Ajax development framework is probably the first server-side-based vulnerability to be identified, according to Imperva, which has issued guidance on a workaround that would let application programmers close the hole.

"It's an access-control vulnerability," said Amichai Shulman, CTO at Imperva.

Ajax Security Flaw Could Compromise Applications - Security Feed - News - CSO Magazine

Linked by shanmuga Thursday, 4th January 2007 2:29AM