April 10, 2009

The Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability is now detectable in the Cenzic Web Server SmartAttack

As of April 10, 2009, Cenzic can detect the Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability (BugtraqID 34412). The 'mod_jk' module for Apache Tomcat is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Cenzic also enhanced its Acquire Session ID SmartAttack so that it better manages custom session IDs, one-time session IDs, and “destructive” session tokens. We also strengthened dependent SmartAttacks such as CSRF and Clickjacking.

Background on Cenzic’s SmartAttacks

Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but are not limited to) cross-site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by Erin Swanson
Eswanson@cenzic.com