About the ManageEngine Ad Manager 0-Day XSS and Injection Vulnerability


Regarding the vulnerability reported by INVICTUS:

Following discussions with the vendor, the vulnerabilities will be closed by a patch to be released today, 10/01/2017.

Latest message received from the vendor

0 Day Ad Manager XSS and Injection

The company that reported the vulnerability

https://www.invictuseurope.com/

We will announce the hotfix link on this page once it is published.

Edit: The link to the update that closes the vulnerability, provided by the vendor and the distributor, has been added.

http://bonitas.zohocorp.com/customer_uploads/2017_1_12_15_38_34_Vulnerability_Issue_fix.zip

Steps to apply the patch:

1. Stop ADManager plus (Start -> Programs -> ADManager plus -> Stop ADManager plus).

If you are running the product as a service, go to "services.msc" -> stop the ManageEngine ADManager plus service.

Back up the original files.

1. Move "AdventNetADSMClient.jar" and "AdventNetADSMServer.jar", which are located in "ManageEngine\ADManager plus\lib", to a different directory.

2. Move "security.xml", which is located in "ManageEngine\ADManager plus\webapps\adsm\WEB-INF\security", to a different directory.

3. Move "web.xml", which is located in "ManageEngine\ADManager plus\webapps\adsm\WEB-INF", to a different directory.

4. Move "AdventNetADSMJspClient.jar", which is located in "ManageEngine\ADManager plus\webapps\adsm\WEB-INF\lib", to a different directory.

5. Move "android_logo_login.gif" and "iphone_logo_login.gif", which are located in "ManageEngine\ADManager plus\webapps\adsm\images", to a different directory.

Replace with the new files.

1. Extract and save "AdventNetADSMClient.jar" and "AdventNetADSMServer.jar" to "ManageEngine\ADManager plus\lib".

2. Extract and save "security.xml" to "ManageEngine\ADManager plus\webapps\adsm\WEB-INF\security".

3. Extract and save "web.xml" to "ManageEngine\ADManager plus\webapps\adsm\WEB-INF".

4. Extract and save "AdventNetADSMJspClient.jar" to "ManageEngine\ADManager plus\webapps\adsm\WEB-INF\lib".

5. Extract and save "android_logo_login.gif" and "iphone_logo_login.gif" to "ManageEngine\ADManager plus\webapps\adsm\images".

6. Start ADManager plus (Start -> Programs -> ADManager plus -> Start ADManager plus) and check for the vulnerabilities.

If you are running the product as a service, go to "services.msc" -> start the ManageEngine ADManager plus service.
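The backup and replace steps above can be scripted so that every moved file is recorded with its SHA-256 hash and the replacement is checked before the product is started again. This is an added example, not part of the vendor's instructions; the install root `C:\ManageEngine\ADManager Plus`, the backup directory, and the `manifest.csv` name are assumptions to adjust for your server.

```powershell
# Added example (not vendor code). $Root and $BackupDir are assumed paths.
param(
    [string]$Root      = 'C:\ManageEngine\ADManager Plus',
    [string]$BackupDir = 'C:\ADMP_prepatch_backup',
    [switch]$Verify
)
$ErrorActionPreference = 'Stop'

# Relative paths of the files named in the patch steps on this page.
$Files = @(
    'lib\AdventNetADSMClient.jar',
    'lib\AdventNetADSMServer.jar',
    'webapps\adsm\WEB-INF\security\security.xml',
    'webapps\adsm\WEB-INF\web.xml',
    'webapps\adsm\WEB-INF\lib\AdventNetADSMJspClient.jar',
    'webapps\adsm\images\android_logo_login.gif',
    'webapps\adsm\images\iphone_logo_login.gif'
)
$Manifest = Join-Path $BackupDir 'manifest.csv'

if (-not $Verify) {
    # Phase 1, after stopping the product: hash each original, then move it
    # into the backup directory, keeping the same folder layout.
    $rows = foreach ($rel in $Files) {
        $src = Join-Path $Root $rel
        $dst = Join-Path $BackupDir $rel
        New-Item -ItemType Directory -Force -Path (Split-Path $dst -Parent) | Out-Null
        $hash = (Get-FileHash -Path $src -Algorithm SHA256).Hash
        Move-Item -Path $src -Destination $dst
        [pscustomobject]@{ RelPath = $rel; OldSha256 = $hash }
    }
    $rows | Export-Csv -Path $Manifest -NoTypeInformation
}
else {
    # Phase 2, after extracting the patch and before starting the product.
    $missing = 0
    foreach ($row in Import-Csv -Path $Manifest) {
        $path = Join-Path $Root $row.RelPath
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Warning "MISSING   $($row.RelPath)"; $missing++
        }
        elseif ((Get-FileHash -Path $path -Algorithm SHA256).Hash -eq $row.OldSha256) {
            Write-Warning "UNCHANGED $($row.RelPath) (same hash as the original; check manually)"
        }
        else { Write-Output "REPLACED  $($row.RelPath)" }
    }
    if ($missing) { throw "$missing file(s) missing; do not start the product yet." }
}
```

Run it once without `-Verify` after stopping the product, extract the patch files into place, then run it again with `-Verify`; the backup directory doubles as the rollback copy.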
