| Monthly Archives |  | June, 2009 | | May, 2009 | | April, 2009 | | March, 2009 | | February, 2009 | | January, 2009 | | December, 2008 | | November, 2008 | | October, 2008 | | September, 2008 | | August, 2008 | | July, 2008 | | June, 2008 | | May, 2008 |
|  | THE CENZIC BLOG Cenzic SmartAttack Updates for Web Vulnerabilities | Latest web application vulnerabilities integrated into the Cenzic product suite. | |
This blog features the latest vulnerabilities in web / website applications (custom, commercial, and open-source)
that have been integrated into the Cenzic's website security product suite on a weekly basis.
These web application vulnerabilities include cross site scripting,
buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.
| |
|
| | June 26, 2009 | | The HTTP Parameter Pollution Vulnerability is now detectable in Cenzic’s 6.0 release as a new SmartAttack category | As of June 26, 2009, Cenzic added its 101st SmartAttack to its latest 6.0 product suite: HTTP Parameter Pollution Vulnerability (version 1.0). Published just a few days back, the HTTP Parameter Pollution Vulnerability is one of the newest ways hackers can exploit Web applications. It pinpoints the anomaly in handling multiple occurrences of the same parameter by various platforms. This vulnerability plays the role of the "enabler", which can be exploited by an attacker to further craft complex and destructive attacks. Due to the devastating nature of this attack, we created a new SmartAttack immediately to enable our customers to detect such vulnerabilities and avoid further attacks. Web Server Vulnerabilities SmartAttack Update In this week’s update, we’ve also enhanced our Web Server Vulnerabilities SmartAttack to it can detect the PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability (BugtraqID 35440). PHP is prone to a denial-of-service vulnerability in its 'exif_read_data()' function. Successful exploits may allow remote attackers to cause denial-of-service conditions in applications that use the vulnerable function. Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types. by
Erin Swanson
Eswanson@cenzic.com | | |
| | June 19, 2009 | | An Apache Tomcat XML Parser Information Disclosure Vulnerability is now detectable in the Cenzic Web Server SmartAttack | As of June 19, 2009, Cenzic can detect the Apache Tomcat XML Parser Information Disclosure Vulnerability (BugtraqID 35416). Apache Tomcat is prone to an Information Disclosure Vulnerability where attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types. by
Erin Swanson
Eswanson@cenzic.com | | |
| | June 12, 2009 | | An Apache Tomcat Authentication Vulnerability is now detectable in the Cenzic Web Server SmartAttack | As of June 12, 2009, Cenzic can detect the Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness Vulnerability (BugtraqID 35196). Apache Tomcat is prone to a username-enumeration weakness because it displays different responses to login attempts, depending on whether or not the username exists. Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks. Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types. by
Erin Swanson
Eswanson@cenzic.com | | |
| | June 05, 2009 | | An Apache Tomcat Denial of Service Vulnerability is now detectable in the Cenzic Web Server SmartAttack |  As of June 5, 2009, Cenzic can detect the Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability (BugtraqID 35193). Apache Tomcat is prone to a denial-of-service vulnerability. Attackers can exploit this issue and cause the server to end up in an error state, denying service to legitimate users.
Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types. by
Erin Swanson
Eswanson@cenzic.com | | |
|
|
| | |
