Server Side Vulnerability Reported In AJAX
A key vulnerability has been reported in Direct Web Reporting of AJAX framework by Imperva. This is being regarded as the first server side vulnerability and the flaw could be misused to compromise an application based on AJAX. Imperva states that it is access control vulnerability and enables attackers break into back end databases and servers or launch a DoS attack.
More of such vulnerabilities are expected in the server side framework and application programmers must rectify this flaw otherwise their applications might bear the brunt. Imperva has issued guidance in this regard for plugging the flaw. Know more about it on the website of Imperva.
January 5th, 2007 at 7:12 am
A fix has already been released for this.
http://getahead.ltd.uk/blog/joe/2007/01/04/new_dwr_releases.html