Google patches critical flaws in enterprise search appliance


Google patches critical flaws in enterprise search appliance

Antony Savvas

Google has issued a patch to cover a range of security holes in its Google Mini enterprise search appliance.

The Google Mini is a scaled down version of the higher-end Google Search Appliance, and is sold to firms with up to about 1,000 employees or to departments within larger organisations.

Internet security researcher Metasploit Project reported several bugs in the system that allowed remote attackers to read stored files, take over corporate systems and conduct cross-site scripting attacks.

Secunia, another internet security firm, described the flaws as “highly critical”.

Flaws were discovered in a feature that allows customisation of the Google Mini’s search interface through XSLT (Extensible Style-sheet Language Transformations) style-sheets.

These flaws allowed hackers to launch malicious attacks. Google said it wasn’t aware of any attacks on its customers as a result of the flaws.


Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy