Google has issued a patch to cover a range of security holes in its Google Mini enterprise search appliance.
The Google Mini is a scaled down version of the higher-end Google Search Appliance, and is sold to firms with up to about 1,000 employees or to departments within larger organisations.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Internet security researcher Metasploit Project reported several bugs in the system that allowed remote attackers to read stored files, take over corporate systems and conduct cross-site scripting attacks.
Secunia, another internet security firm, described the flaws as “highly critical”.
Flaws were discovered in a feature that allows customisation of the Google Mini’s search interface through XSLT (Extensible Style-sheet Language Transformations) style-sheets.
These flaws allowed hackers to launch malicious attacks. Google said it wasn’t aware of any attacks on its customers as a result of the flaws.