Vulnerability Floors Vulnerability Database Site

NIST Needed a Week to Bring Website Back Online
Vulnerability Floors Vulnerability Database Site

A software vulnerability brought down the website that gives the public access to the National Vulnerability Database, which is run by the National Institute of Standards and Technology, the U.S. federal agency that produces information security guidance.

See Also: Improving Security Compliance in The Financial Industry With Data Privacy Regulations

Access to the public-facing website, nvd.nist.gov, that links to the National Vulnerability Database was restored March 15, one week after NIST discovered that malware had infected several of its web servers. NIST also shuttered and then restored several other websites because of the breach.

NIST says there's no evidence that the NVD or other NIST public pages infected users of the sites.

On March 8, firewall alerts detected suspicious activity and network managers took steps to block unusual traffic from reaching the Internet. "We saw the two Web servers attempting to send large numbers of Internet requests to specific external servers," NIST spokeswoman Gail Porter says. "When many different requests are sent at once to specific locations, the security systems alerted administrators to a possible (distributed) denial of service attack."

NIST managers investigating the anomaly discovered the compromise resulted from the exploitation of an Adobe ColdFusion software vulnerability, which allowed the intruder to gain unauthorized access to the server, install the malware and issue commands to the servers to carry out unauthorized actions. The compromise wasn't discovered until the malware launched a DDoS attack.

"To respond to this incident, NIST needed to rebuild a complex website following a detailed set of recovery protocols," Porter says, explaining why NIST took a week to restore the site. "NIST also validated about 200,000 entries to ensure the accuracy of the NDV database on a separate unaffected server."

Porter says NIST is implementing additional security processes to more quickly detect these vulnerabilities in the future. As an example, she cites updates to its intrusion detection systems and processes to monitor explicit attempts at exploiting the software vulnerability.

NIST also is reviewing and updating processes involving patch management, vulnerability scanning and security assessment for its public-facing Internet services as well as automating the application of secure configuration for all servers.

The National Vulnerability Database is a comprehensive NIST repository of information provided in standardized format that allows computers to conduct automated searches for the latest known vulnerabilities in hardware or software computing products. NIST says the database helps organizations and individuals better protect their computers against computer security threats. It is used by many different government and private-sector organizations.


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.