THE CENZIC BLOG
May 01, 2009

Cenzic Detects a Session Hijacking Vulnerability in the IBM WebSphere Application

The IBM WebSphere Application Server Forced Logout Session Hijacking Vulnerability is now detectable in the Cenzic Web Server SmartAttack

As of May 1, 2009, Cenzic can now detect the IBM WebSphere Application Server Forced Logout Session Hijacking Vulnerability (BugtraqID 34501).  An attacker can exploit this issue to gain access to an authenticated session with the privileges of the hijacked user.

This week’s product update also includes an enhancement to our Acquire Session ID SmartAttack (version 1.2.4). This SmartAttack now has better synchronized code, extended support for identifying session tokens with custom names, and minor bug fixes. It is also expected to work more accurately with the other session SmartAttacks (CSRF, Clickjacking) to help them identify custom-named tokens.

Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but are not limited to) cross-site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow-related vulnerability types.

by
Erin Swanson
Eswanson@cenzic.com

