|  | Cenzic SmartAttack Updates for Web Vulnerabilities | Latest web application vulnerabilities integrated into the Cenzic product suite. | |
This blog features the latest vulnerabilities in web / website applications (custom, commercial, and open-source)
that have been integrated into the Cenzic's website security product suite on a weekly basis.
These web application vulnerabilities include cross site scripting,
buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.
| |
|
| | November 14, 2008 | | Cenzic provides enhanced support for its Web Server and Cross-Site Scripting Vulnerability SmartAttacks | On November 14, 2008, Cenzic added enhanced support to both their Web Server and Cross-Site Scripting Vulnerability SmartAttacks. Details about these updates are listed below. Cross-Site Scripting Vulnerability SmartAttack - A feature addition and a Bugfix were added to our Cross-Site Scripting SmartAttack due to a customer request who needed an enhanced way to detect this vulnerability.
Web Server Vulnerability SmartAttack - Apache Tomcat Exception Handling Information Disclosure (CVE-2008-0002)
- A security issue has been reported in Apache Tomcat that causes improper handling of exceptions taking place when the request parameters are being processed. This can lead to the processing of the same parameters in a subsequent request if an exception takes place (e.g. the connection is closed).
To learn more details on how you can automatically update your Cenzic Hailstorm product, visit our Website.
Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customer’s Websites to detect their security posture. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types. by
Erin Swanson
ESwanson@cenzic.com | | |
| | November 10, 2008 | | Cenzic provides enhanced support for its Web Server and SQL Vulnerability SmartAttacks | On November 7, 2008, Cenzic added enhanced support to both their Web Server and SQL Disclosure Vulnerability SmartAttacks. Details about these updates are listed below. SQL Disclosure Vulnerability SmartAttack - SQL Disclosure was changed to give report items for every 5xx and no-response responses to injections, which makes it consistent with other fault injectors. Also, the parameter Error Page Match Expression is now being used.
Web Server Vulnerability SmartAttack - Apache Tomcat Multiple Vulnerabilities (CVE Reference: CVE-2007-5333, CVE-2007-6286, SA26466)
- These moderately critical vulnerabilities have been reported in Apache Tomcat, can be exploited by malicious people to manipulate certain data or to disclose sensitive information.
- Users can also update to version 5.5.26 or 6.0.16
Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customer’s Websites to detect their security posture. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types. by
Erin Swanson, Marketing
ESwanson@cenzic.com | | |
| | October 31, 2008 | | Cenzic provides enhanced support for its Web Server Vulnerabilities SmartAttack | In this week’s SmartAttack release, Cenzic’s SmartAttack arsenal now has enhanced support for: To learn more details on how you can automatically update your Cenzic Hailstorm product, visit our Website. Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customer’s Websites to detect their security posture. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types. by
Erin Swanson
Eswanson@cenzic.com | | |
| | October 24, 2008 | | Cenzic provides enhanced support for their Blind SQL Injection and Web Server Vulnerability SmartAttacks |  In this week’s SmartAttack release, Cenzic’s SmartAttack arsenal now has enhanced support for:
To learn more details on how you can automatically update your Cenzic Hailstorm product, visit our Website. Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customer’s Websites to detect their security posture. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types. by
Erin Swanson
ESwanson@cenzic.com | | |
| | October 17, 2008 | | Cenzic provides enhanced support for their Parameter Addition, Session Hijacking, and Privilege Escalation SmartAttacks | In this week’s SmartAttack release, Cenzic’s SmartAttack arsenal now has enhanced support for: - Parameter Addition,
- Session Hijacking,
- Privilege Escalation,
- And our Web Server Vulnerabilities SmartAttack
-Tomcat may let Remote User access restricted context (SecurityTracker Alert ID: 1021039)
To learn more details on how you can automatically update your Cenzic Hailstorm product, visit our Website. Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customer’s Websites to detect their security posture. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types. by
Erin Swanson
ESwanson@cenzic.com | | |
| | October 10, 2008 | | Cenzic provides enhanced support for their CSRF, Session Fixation, and Web Server Vulnerabilities SmartAttacks | In this week’s SmartAttack release, Cenzic Cenzic’s SmartAttack arsenal now has enhanced support for: To learn more details on how you can automatically update your Cenzic Hailstorm product, visit our Website. Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customer’s Websites to detect their security posture. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types. by
Erin Swanson
ESwanson@cenzic.com | | |
| | October 03, 2008 | | Cenzic provides enhanced support for their Ineffective Session Termination SmartAttack as well as others | In this week’s SmartAttack release, Cenzic’s arsenal now has enhanced support for the following: - Ineffective Session Termination
- Pages Requiring Cookies
- Browse HTTP from HTTPS List
- Web Server Vulnerabilities SmartAttack
- PHP ‘create_function()’ Code Injection Weakness (BugtraqID 31398)
To learn more details on how you can automatically update your Cenzic Hailstorm product, visit our Website. Background on Cenzic’s SmartAttacks Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customer’s Websites to detect their security posture. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types. by
Erin Swanson
ESwanson@cenzic.com | | |
|
|
| | |
