TechTarget

Google patches critical flaws in enterprise search appliance

Google has issued a patch to cover a range of security holes in its Google Mini enterprise search appliance.

Google has issued a patch to cover a range of security holes in its Google Mini enterprise search appliance.

The Google Mini is a scaled down version of the higher-end Google Search Appliance, and is sold to firms with up to about 1,000 employees or to departments within larger organisations.

Internet security researcher Metasploit Project reported several bugs in the system that allowed remote attackers to read stored files, take over corporate systems and conduct cross-site scripting attacks.

Secunia, another internet security firm, described the flaws as “highly critical”.

Flaws were discovered in a feature that allows customisation of the Google Mini’s search interface through XSLT (Extensible Style-sheet Language Transformations) style-sheets.

These flaws allowed hackers to launch malicious attacks. Google said it wasn’t aware of any attacks on its customers as a result of the flaws.


 

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close