THE CENZIC BLOG
November 10, 2008

Cenzic Updates Web Server and SQL Disclosure Vulnerability SmartAttacks

Cenzic provides enhanced support for its Web Server and SQL Vulnerability SmartAttacks

On November 7, 2008, Cenzic added enhanced support to both its Web Server and SQL Disclosure Vulnerability SmartAttacks. Details about these updates are listed below.

SQL Disclosure Vulnerability SmartAttack

  • SQL Disclosure was changed to give a report item for every 5xx response and every no-response result to an injection, which makes it consistent with other fault injectors. It also now uses the Error Page Match Expression parameter.

Web Server Vulnerability SmartAttack

  • Apache Tomcat Multiple Vulnerabilities (CVE Reference: CVE-2007-5333, CVE-2007-6286, SA26466)
    • These moderately critical vulnerabilities have been reported in Apache Tomcat and can be exploited by malicious people to manipulate certain data or to disclose sensitive information.
    • Users can also update to version 5.5.26 or 6.0.16.

Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customers’ websites to detect their security posture. These Web application vulnerabilities include (but are not limited to) cross-site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by
Erin Swanson, Marketing
ESwanson@cenzic.com

