THE CENZIC BLOG
April 03, 2009

Cenzic Detects the IBM WAS Username Token Option Session Hijacking Vulnerability

The IBM WAS Username Token Option Session Hijacking Vulnerability is now detected in the Cenzic Web Server SmartAttack

As of April 3, 2009, Cenzic detects the IBM WebSphere Application Server (WAS) Username Token Option Session Hijacking Vulnerability (BugtraqID 34330).

The IBM WebSphere Application Server is prone to a session hijacking vulnerability. An attacker can exploit this issue to gain access to an authenticated session with the privileges of the hijacked user.

Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customers’ Websites to detect their security posture. These Web application vulnerabilities include (but are not limited to) cross-site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by
Erin Swanson
Eswanson@cenzic.com
