December 02, 2008
Home
About
Submit Press Release
PR Firms
Editors/Journalists
Search Archives
 
News Releases by Category  
News by Country  
News by MSA  
All News for Today  
Browse News by Day  
News by Trackbacks  
All Press Releases for December 14, 2004 Subscribe to this News Feed  
 

IPxray Issues Industry Alert for Top-5 Network Intrusion Vulnerabilities

Download this press release as an Adobe PDF document.

Results of More Than 4000 Corporate Network Scans Indicate Dangerous Security Holes That Could Be Easily Fixed

STAMFORD, CT (PRWEB) December 14, 2004 -- IPxray, the pain-free network vulnerability assessment company, today issued an industry alert for the top-5 network intrusion vulnerabilities that hackers are most likely to exploit. The results are based on vulnerability scans over the last 30 days of more than 4,000 corporate nodes using IPxrays remotely hosted security scanning services. The results indicate that the most common intrusion vulnerabilities give hackers the ability to easily enter, disrupt or even take over corporate networks. The majority of these glaring security holes can be quickly fixed with software patches or upgrades.

We have examined data from the thousands of networks that have been scanned by our service in the last month. It is clear that a significant number of sophisticated, corporate networks suffer from dangerous security vulnerabilities," said Sholom Ellenberg, chief executive officer of IPxray, LLC and a certified CCIE. The good news is that many of the most prevalent security holes can be fixed relatively easily. People just have to know to look for the vulnerabilities. By issuing this alert we want to illustrate the real potential for trouble that exists. We also hope that this alert is an incentive for IT and network managers to examine and fix their networks."

Threat Overview
The most common security vulnerability IPxray exposed during the scans is the IIS: WebDAV Overflow (MS03-007)". According to Microsoft this vulnerability can allow an attacker to Run code of attackers choice" on the affected server and has a severity rating of Critical". Windows 2000 servers running IIS are especially vulnerable and should be patched immediately.

The second most common security vulnerability found by the scans is the Apache 1.3.31 htpasswd local overflow." This vulnerability affects all Apache web servers with version numbers up to and including 1.3.31. The vulnerability is linked to a buffer overflow in the htpasswd command, which could allow an attacker to execute arbitrary code on the system with the same privileges as the httpd process. The recommended fix for this vulnerability is to upgrade to a version of Apache later then 1.3.31.

The third most common security vulnerability uncovered is IIS FrontPage ISAPI Denial of Service." According to Microsoft hackers can exploit this vulnerability to generate denial of service attacks on websites running Microsofts FrontPage web server. This is fixed in patch Q319733 from Microsoft and is listed in Microsoft Security Bulletin MS02-018.

To check their network vulnerabilities against these and others, visitors can go to www.ipxray.com. The other intrusion vulnerabilities include:
• OpenSSH 3.7.1, php arbitrary file upload
• Apache mod_access rule bypass

Hacker attacks and break-ins of corporate networks grow in number every month. Aberdeen Group estimates that Internet-based disruptions that are being incurred by businesses from security-related causes such as worms and other online-related attacks cost corporations an average of $2 million an incident. Aberdeens research also states that companies average one incident a year.

About IPxray
IPxray is the pain-free network vulnerability assessment company. Its real-time, remotely hosted solutions provide an effective way for IT departments and network security consultants to quickly examine a network from the outside – looking in. IPxray has combined the best open-source scanning tools such as Nessus with powerful, proprietary scanning and monitoring tools to provide an unparalleled look at a corporate network – from the hackers point of view. Customers range from mid-size businesses to the world's largest corporations. The companys solutions are offered as a subscription service. IPxray is based in Stamford, Connecticut. For more information, visit at www.ipxray.com.

###

IPxray, IPxray GapVision, the IPxray logo and combinations thereof are trademarks of IPxray, LLC. All other brand and product names are used for identification only and are the property of their respective holders.

Press Contact:
Ed Schauweker
Tactile Marketing Group
ed@tactilemarketing.com
703-963-5238

Glenn Gaudet
IPxray
ggaudet@ipxray.com
866-297-0765
See the original story at: http://www.prweb.com/releases/2004/12/prweb188396.htm
Email this story to a colleague
Printer Friendly Version
Bookmark with del.icio.us
Bookmark with Y!MyWeb
Submit to Digg
Ed Schauweker
TACTILE MARKETING GROUP
703-963-5238
Email us Here

There are no multimedia files attached to this release. If this is your release you may add images or other multimedia files through your login.
If you have any questions regarding information in these press releases please contact the company listed in the press release. Please do not contact PRWeb. We will be unable to assist you with your inquiry. PRWeb disclaims any content contained in these release. Our complete disclaimer appears here.
 
Disclaimer: If you have any questions regarding information in these press releases please contact the company listed in the press release.
Please do not contact PRWeb®. We will be unable to assist you with your inquiry.
PRWeb® disclaims any content contained in these releases. Our complete disclaimer appears here.

© Copyright 1997-2007, Vocus PRW Holdings, LLC.
Vocus, PRWeb and Publicity Wire are trademarks or registered trademarks of Vocus, Inc. or Vocus PRW Holdings, LLC.

Terms of Service | Privacy Policy | Copyright