Critical vulnerability in AJAX technology – Web 2.0 applications at risk

The Imperva Application Defense Center (ADC) announced the discovery of a critical vulnerability in DWR (Direct Web Reporting), a key underlying technology in the AJAX web application development framework. This client-side vulnerability can be exploited to launch Denial of Service (DoS) attacks and to break into back-end servers and databases.

Because AJAX executes a much larger proportion of application logic in the web browser than traditional web applications do, it exposes a broader attack surface to client-side exploits, which attackers use to target sensitive back-end servers directly. The ADC has published a security advisory that details the DWR vulnerability and how to mitigate attacks.