Palo Alto, CA - October 22, 2012 ERPScan has been acknowledged by Oracle for helping to close a dangerous vulnerability in their JAVA machine. A vulnerability of this type was first shown by Alexander Polyakov, ERPScan CTO, at BlackHat back in July 2012. That one had been found in the JVM used in SAP NetWeaver, but a similar issue was immediately found in Oracle JVM, too. The cooperation between Oracle and ERPScan led to relatively quick extermination of the issue.
An SSRF vulnerability (in this case, XXE Tunneling was exploited) allows proxying malicious requests through a vulnerable host and thus conducting advanced attacks.
This type of attack is extremely interesting. Lately, in the course of our pen-testing projects, we find such problems in all but every internet-based system. Granted, on top of compromising the target system, attackers can use such issues to get into corporate resources, then into ERPs, CRMs, SRMs, and other critical systems as long as they are connected to an external system.
– Alexey Tyurin, head of IS audit department
Actually, the topic of SSRF vulnerabilities is much wider. We will present a new classification of them at the POC conference in Seoul, on October 8. In all, this class of vulnerabilities is currently one of the most interesting infosec research directions.
– Alexander Polyakov