Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Google appliances vulnerable
Published: 2005-11-23

Everyone's favorite technology company was given 60 business days to patch their search appliances. Unfortunately, even with the long grace period many appliances remain unpatched.

Back in June security researcher H.D. Moore discovered weaknesses in the Google Search Appliance that can allow for cross-site scripting, file discovery, service enumeration, and arbitrary command execution in certain versions of the appliance. Google promptly released a patch in mid-August, however more than three months later many appliances still remain vulnerable.

A small sample of 43 appliances taken this week showed that 23 remained vulnerable, 8 were patched, and the status of 12 could not be determined. If this sample is representative of all deployed Google Search Appliances, more than half may still be vulnerable. Following responsible disclosure guidelines, Moore published his findings this week.

Thanks to H.D. Moore of the Metasploit Project for suggesting this news item.

Posted by: Kelly Martin
    Digg this story   Add to  
Comments Mode:


Privacy Statement
Copyright 2009, SecurityFocus