An Apache domain has been compromised by an XSS attack, apparently delivered through a URL shortener.
Briefly, this is what happened:
- On April 5 the Apache JIRA instance (hosted on Slicehost) was compromised via the link http://tinyurl.com/xxxxxxxxx. The shortened URL (obscured here) led to a string that exploited an XSS flaw to steal the session cookies of other logged-in users.
At the same time the attackers started a brute-force attack against login.jsp.
- On April 6 the attack methods bore fruit: having obtained administrative privileges, the attackers disabled the notifications for a project and uploaded a backdoor.
- On the morning of April 9 the attackers installed JAR files that collected all credentials and then sent a password-reset email to the development team, who, believing it to be a simple error, changed their credentials.
One of these new passwords happened to be the same as that of a user account on brutus.apache.org. The attackers were thus able to access that machine and take full control of it.
- Six hours later the response began: the passwords affected by the attackers were reset and services were shut down.
- On April 10 JIRA and Bugzilla were up again.
- On April 13 Atlassian provided patches to prevent the XSS attacks, JRA-20994 and JRA-20995.