| Monthly Archives |  | March, 2010 | | February, 2010 | | January, 2010 | | December, 2009 | | November, 2009 | | October, 2009 | | September, 2009 | | August, 2009 | | July, 2009 | | June, 2009 | | May, 2009 | | April, 2009 | | March, 2009 | | February, 2009 | | January, 2009 | | December, 2008 | | November, 2008 | | October, 2008 | | September, 2008 | | August, 2008 | | July, 2008 | | June, 2008 | | May, 2008 |
|  | THE CENZIC BLOG Cenzic SmartAttack Updates for Web Vulnerabilities | Latest web application vulnerabilities integrated into the Cenzic product suite. | |
This blog features the latest vulnerabilities in web / website applications (custom, commercial, and open-source)
that have been integrated into the Cenzic's website security product suite on a weekly basis.
These web application vulnerabilities include cross site scripting,
buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.
| |
|
| | March 12, 2010 | | Weekly product update – Cenzic detects an Apache Denial of Service Vulnerability | As of March 12, 2010 Cenzic now detects an Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability (BugtraqID 38491). Successful exploits may allow remote attackers to cause denial-of-service conditions.
Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.
by
Erin Swanson
Eswanson@cenzic.com | | |
| | March 05, 2010 | | Weekly product update – Cenzic detects a PHP Validation Restriction-Bypass Vulnerability | As of March 5, 2010 Cenzic now detects a PHP 'tempnam()' 'safe_mode' Validation Restriction-Bypass Vulnerability (BugtraqID 38431). Successful exploits allow attackers to access files in unauthorized locations or create files in any writable directory. This vulnerability is an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; the 'safe_mode' restrictions are assumed to isolate users from each other. PHP 5.2.12 and prior versions are affected.
Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.
by
Erin Swanson
Eswanson@cenzic.com | | |
| | February 26, 2010 | | Weekly product update – Cenzic detects a Sun Java System App Server HTTP TRACE Information Disclosure Vulnerability | As of February 26, 2010 Cenzic now detects a Sun Java System App Server HTTP TRACE Information Disclosure Vulnerability (BugtraqID 37995). The Sun Java System Application Server is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to obtain potentially sensitive information that can aid in further attacks.
Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.
by
Erin Swanson
Eswanson@cenzic.com | | |
| | February 19, 2010 | | Weekly product update – Cenzic detects a Sun Java System Web Server Denial Of Service Vulnerability | As of February 19, 2010 Cenzic now detects a Sun Java System Web Server 'admin' Server Denial of Service Vulnerability (BugtraqID 37909). An attacker can exploit this issue to crash the effected application, denying service to legitimate users. Sun Java System Web Server 7.0 Update 6 is affected; other versions may also be vulnerable.
Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.
by
Erin Swanson
Eswanson@cenzic.com | | |
| | February 12, 2010 | | Weekly product update – Cenzic detects an IBM WAS Security Bypass Vulnerability | As of February 12, 2010 Cenzic now detects an IBM WebSphere Application Server 'Requires SSL' Option Security Bypass Vulnerability (BugtraqID 38122). IBM WebSphere Application Server (WAS) is prone to a security-bypass vulnerability. Successful exploits allow attackers to bypass certain security restrictions, which may lead to other attacks. This issue affects WAS 7.0 through 7.0.0.8.
Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.
Have a great 3-day weekend everyone!
by
Erin Swanson
Eswanson@cenzic.com | | |
| | February 05, 2010 | | Weekly product update – Cenzic detects an Apache Integer Overflow Vulnerability | As of February 5, 2010 Cenzic now detects an Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability (BugtraqID 37966). An attacker can exploit the Apache remote integer overflow vulnerability and execute arbitrary code. Successful exploits will compromise affected computers. Failed exploit attempts will result in a denial-of-service condition. Note that this issue affects platforms on which 'sizeof(int)' is less than 'sizeof(long)'. In particular, this occurs on some 64-bit architectures. Versions prior to Apache 1.3.42 are vulnerable.
Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.
by
Erin Swanson
Eswanson@cenzic.com | | |
|
|
| | |
