Vulnerability Floors Vulnerability Database Site
NIST Needed a Week to Bring Website Back Online
A software vulnerability brought down the website that gives the public access to the National Vulnerability Database, which is run by the National Institute of Standards and Technology, the U.S. federal agency that produces information security guidance.
Access to the public-facing website, nvd.nist.gov, that links to the National Vulnerability Database was restored March 15, one week after NIST discovered that malware had infected several of its web servers. NIST also shuttered and then restored several other websites because of the breach.
NIST says there's no evidence that the NVD or other NIST public pages infected users of the sites.
On March 8, firewall alerts detected suspicious activity and network managers took steps to block unusual traffic from reaching the Internet. "We saw the two Web servers attempting to send large numbers of Internet requests to specific external servers," NIST spokeswoman Gail Porter says. "When many different requests are sent at once to specific locations, the security systems alerted administrators to a possible (distributed) denial of service attack."
NIST managers investigating the anomaly discovered the compromise resulted from the exploitation of an Adobe ColdFusion software vulnerability, which allowed the intruder to gain unauthorized access to the server, install the malware and issue commands to the servers to carry out unauthorized actions. The compromise wasn't discovered until the malware launched a DDoS attack.
"To respond to this incident, NIST needed to rebuild a complex website following a detailed set of recovery protocols," Porter says, explaining why NIST took a week to restore the site. "NIST also validated about 200,000 entries to ensure the accuracy of the NVD database on a separate unaffected server."
Porter says NIST is implementing additional security processes to more quickly detect these vulnerabilities in the future. As an example, she cites updates to its intrusion detection systems and processes to monitor explicit attempts at exploiting the software vulnerability.
NIST also is reviewing and updating processes involving patch management, vulnerability scanning and security assessment for its public-facing Internet services as well as automating the application of secure configuration for all servers.
The National Vulnerability Database is a comprehensive NIST repository of information provided in standardized format that allows computers to conduct automated searches for the latest known vulnerabilities in hardware or software computing products. NIST says the database helps organizations and individuals better protect their computers against computer security threats. It is used by many different government and private-sector organizations.