THE CENZIC BLOG

Cenzic SmartAttack Updates for Web Vulnerabilities

Latest web application vulnerabilities integrated into the Cenzic product suite.

This blog features the latest vulnerabilities in web / website applications (custom, commercial, and open-source) that have been integrated into Cenzic's website security product suite on a weekly basis. These web application vulnerabilities include cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.


August 27, 2010

Cenzic Detects a PHP Buffer Overflow Vulnerability

Weekly product update – Cenzic detects a PHP Buffer Overflow Vulnerability

As of August 27, 2010 Cenzic now detects a PHP 'ibase_gen_id()' Function off-by-one Buffer Overflow Vulnerability (BugtraqID 42516).  PHP is prone to an off-by-one buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.   A hacker can exploit this issue to execute arbitrary machine code in the context of the PHP process.  Failed exploit attempts will likely crash the web server, denying service to legitimate users.  PHP 5.3.3 is vulnerable; other versions may also be affected.

Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but are not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by
Erin Swanson
Eswanson@cenzic.com


August 20, 2010

Cenzic Detects a Sun Java System Denial of Service Vulnerability

Weekly product update – Cenzic detects a Sun Java System Denial of Service Vulnerability

As of August 20, 2010 Cenzic now detects a Sun Java System Web Server Admin Interface Denial of Service Vulnerability (BugtraqID 41389). Sun Java System Web Server is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Sun Java System Web Server 7.0 Update 7 is affected; other versions may also be vulnerable.


by
Erin Swanson
Eswanson@cenzic.com


August 13, 2010

Cenzic Adds New SmartAttack to Its Attack Library: Unrestricted File Upload

Weekly product update – Cenzic adds 107th SmartAttack: Unrestricted File Upload

As of August 13, 2010 Cenzic created a brand new SmartAttack, Unrestricted File Upload, bringing the total attack category library to 107. The new SmartAttack checks for various flaws in "file upload" functionality. The presence of these flaws may result in various attacks such as Cross-Site Scripting, Malware hosting, etc.

Also in this weekly product update, Cenzic can now detect PHP Multiple Vulnerabilities such as Remote Code Execution and Unauthorized Access Attacks (BugtraqID 41991). PHP is prone to multiple security vulnerabilities that an attacker can exploit to execute arbitrary code, crash the affected application, gain access to sensitive information, and bypass security restrictions. Other attacks are also possible. PHP 5.3 versions prior to 5.3.3 and PHP 5.2 versions prior to 5.2.14 are affected.


by
Erin Swanson
Eswanson@cenzic.com


August 06, 2010

Cenzic Detects an Apache Information Disclosure Vulnerability & Updates 1 SmartAttack™

Weekly product update: Cenzic detects an Apache Information Disclosure Vulnerability & updates 1 SmartAttack™

As of August 6, 2010 Cenzic now detects an Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability (BugtraqID 42102).  Attackers can leverage this issue to gain access to sensitive information that can aid in further attacks.  Apache 2.2.9 on Unix is vulnerable.

We also enhanced our Session ID in URL SmartAttack so it can detect session IDs that are stored in unconventional ways (e.g. in a URL path parameter). This enhancement enables the SmartAttack to perform more accurately.
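
A sketch of the kind of check described above, as an added example (not Cenzic's code): it scans a URL for session tokens in the query string and in `;name=value` path parameters, and goes one step beyond the page's example by also matching the ASP.NET cookieless `(S(...))` path form. The parameter-name list, the token heuristic and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed list of common session parameter names; extend per application.
SESSION_NAMES = {"jsessionid", "phpsessid", "sid", "sessionid", "session_id"}
# Heuristic: a token-like value is 16+ characters from a token alphabet.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_.!\-]{16,}$")
# ASP.NET cookieless sessions embed the ID in the path as /(S(<24 chars>))/.
ASPNET_RE = re.compile(r"\(S\(([a-z0-9]{24})\)\)")

def find_session_ids(url):
    """Return (location, name, value) tuples for session tokens exposed in a URL."""
    parts = urlsplit(url)  # urlsplit leaves ';params' inside .path
    findings = []
    # Conventional location: query string parameters.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SESSION_NAMES and TOKEN_RE.match(value):
            findings.append(("query", name, value))
    # Path parameters: ';name=value' can be attached to any path segment.
    for segment in parts.path.split("/"):
        _, *params = segment.split(";")
        for param in params:
            name, sep, value = param.partition("=")
            if sep and name.lower() in SESSION_NAMES and TOKEN_RE.match(value):
                findings.append(("path-param", name, value))
    # Session ID embedded as its own path segment (ASP.NET cookieless mode).
    for match in ASPNET_RE.finditer(parts.path):
        findings.append(("path-segment", "S", match.group(1)))
    return findings

# Constructed sample URLs (not taken from any real site).
SAMPLE_URLS = [
    "https://shop.example/cart/view;jsessionid=0A1B2C3D4E5F60718293A4B5C6D7E8F9?item=42",
    "https://shop.example/index.php?PHPSESSID=9f86d081884c7d659a2feaa0c55ad015&page=2",
    "https://shop.example/(S(lit3py55t21z5v55vlm25s55))/default.aspx",
    "https://shop.example/docs/page;lang=en?sid=7",  # no token-like value
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, "->", find_session_ids(u))
```

Any hit means the token can leak through Referer headers, proxy and server logs, and browser history, so the fix is to carry the session in a cookie and disable URL rewriting.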


by
Erin Swanson
Eswanson@cenzic.com

