As of March 13, 2009, Cenzic now protects against the IBM WebSphere Application Server WSPolicy Information Disclosure Vulnerability (BugtraqID 33879). The IBM WebSphere Application Server (WAS) is prone to a local information-disclosure vulnerability because it fails to properly recognize a certain access policy. Exploiting this issue may allow a local attacker to access sensitive information that may aid in further attacks.

Additionally, Cenzic updated its attack library to enable Hailstorm users to control, at a granular level, the number of injections performed by each Fault Injector SmartAttack on each field in the Web application, including:

    Remote File Inclusion (1.0.5)
    Application Exception (1.5.2)
    Application Path Disclosure (1.0.2)

Background on Cenzic's SmartAttacks

Every week, Cenzic's suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customers' Web sites to assess their security posture. These Web application vulnerabilities include (but are not limited to) cross-site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by Erin Swanson
Eswanson@cenzic.com