This incident occured at 10:13 on 10th September.
Due to an incorrect configuration in a private account on one of the CMS Web servers, it became possible to overwrite a Web page. The issue was detected within a few hours and full CMS operations were always guaranteed.
The problem is understood, has been corrected, and as part of the review process started by CMS, the affected service has been terminated.
Security issues in Web applications are a common threat, and the CERN Security Team recommends all service managers to review the security of their web applications. More information is available at:
http://cern.ch/security/webapps/
The CERN Security Team
|