Google patches critical flaws in enterprise search appliance


Google patches critical flaws in enterprise search appliance

Antony Savvas

Google has issued a patch to cover a range of security holes in its Google Mini enterprise search appliance.

The Google Mini is a scaled down version of the higher-end Google Search Appliance, and is sold to firms with up to about 1,000 employees or to departments within larger organisations.

Internet security researcher Metasploit Project reported several bugs in the system that allowed remote attackers to read stored files, take over corporate systems and conduct cross-site scripting attacks.

Secunia, another internet security firm, described the flaws as “highly critical”.

Flaws were discovered in a feature that allows customisation of the Google Mini’s search interface through XSLT (Extensible Style-sheet Language Transformations) style-sheets.

These flaws allowed hackers to launch malicious attacks. Google said it wasn’t aware of any attacks on its customers as a result of the flaws.


Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

COMMENTS powered by Disqus  //  Commenting policy