
Top 5 Security Flaws Found in Corporate Networks

  1. The most common flaw is the "IIS: WebDAV overflow" outlined by Microsoft in MS03-007. According to Microsoft, this vulnerability can allow an attacker to run code of the attacker’s choice on the affected server and has a severity rating of critical. Windows 2000 servers running IIS are especially vulnerable and should be patched immediately.
  2. The Apache 1.3.31 htpasswd local overflow flaw. This vulnerability affects all Apache Web servers with version numbers up to and including 1.3.31. The vulnerability is linked to a buffer overflow in the htpasswd command, which could allow an attacker to execute arbitrary code on the system with the same privileges as the httpd process. The recommended fix for this vulnerability is to upgrade to a version of Apache later than 1.3.31.
  3. Another prevalent vulnerability is the "IIS FrontPage ISAPI denial of service". According to Microsoft, hackers can exploit this vulnerability to generate denial-of-service attacks on Web sites running Microsoft’s FrontPage Web server. This is fixed in patch Q319733 from Microsoft and is listed in Microsoft Security Bulletin MS02-018.
  4. The other vulnerabilities are the "OpenSSH 3.7.1, php arbitrary file upload" and the "Apache mod_access rule bypass."
  5. Hacker attacks and break-ins of corporate networks are growing. It is estimated that Internet-based disruptions incurred by businesses from security-related causes, such as worms and other online attacks, cost corporations an average of over a million dollars an incident.
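
As an added example (not part of the original page), the version bound in item 2 can be applied to `Server` banners collected from your own web servers. The function names and the sample banners are constructed for illustration; a banner can be hidden or altered, so treat a hit as a prompt to check the installed package.

```python
import re

# Item 2's bound: Apache versions up to and including 1.3.31 are affected.
LAST_AFFECTED = (1, 3, 31)

# Product token of a Server header, e.g. "Apache/1.3.29 (Unix) PHP/4.3.4".
# "Apache-Coyote/1.1" (a different product) must not match.
BANNER_RE = re.compile(r"^Apache(?:/(\d+(?:\.\d+)*)\S*)?(?:\s|$)")


def parse_apache_version(banner):
    """Return a tuple of ints, () if the version is hidden, None if not Apache."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return None
    if m.group(1) is None:
        return ()  # version suppressed, e.g. a bare "Apache" banner
    return tuple(int(part) for part in m.group(1).split("."))


def triage(banner):
    """Classify one banner: 'upgrade', 'ok', 'unknown' or 'not-apache'."""
    version = parse_apache_version(banner)
    if version is None:
        return "not-apache"
    if version == ():
        return "unknown"
    # Pad short versions so "1.3" compares as 1.3.0. Comparing integer tuples
    # avoids the string-comparison trap where "1.3.9" sorts after "1.3.31".
    padded = version + (0,) * (3 - len(version))
    return "upgrade" if padded <= LAST_AFFECTED else "ok"


# Constructed sample banners, not taken from any real host.
SAMPLE_BANNERS = [
    "Apache/1.3.9 (Unix)",
    "Apache/1.3.31 (Unix) mod_ssl/2.8.19",
    "Apache/1.3.33 (Unix)",
    "Apache/2.0.52 (Unix)",
    "Apache",
    "Apache-Coyote/1.1",
    "Microsoft-IIS/5.0",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{triage(banner):<11} {banner}")
```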

Updated On: 12.12.19
