June 12, 2009

An Apache Tomcat Authentication Vulnerability is now detectable in the Cenzic Web Server SmartAttack

As of June 12, 2009, Cenzic can detect the Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness Vulnerability (BugtraqID 35196). Apache Tomcat is prone to a username-enumeration weakness because it displays different responses to login attempts, depending on whether or not the username exists. Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.

Background on Cenzic’s SmartAttacks

Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but are not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by Erin Swanson
Eswanson@cenzic.com
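The weakness described above comes down to a failed login looking different for an existing and a non-existing username. The following is an added example, not Cenzic's detection logic and not code from the original page: a regression check for your own application that compares two recorded failed-login responses after stripping per-request noise. The `Response` class, the function names and the sample responses are constructed for illustration; the page does not say how Tomcat's responses differ, so the samples are not a reproduction of them.

```python
import re
from dataclasses import dataclass

@dataclass
class Response:
    status: int
    headers: dict
    body: str

def normalise(resp):
    """Strip per-request noise so only account-dependent differences remain."""
    headers = {}
    for name, value in resp.headers.items():
        key = name.lower()
        if key == "date":
            continue  # changes on every request
        if key == "set-cookie":
            value = value.split("=", 1)[0] + "=<value>"  # keep cookie name only
        headers[key] = value.strip()
    body = re.sub(r"jsessionid=[0-9A-Fa-f]+", "jsessionid=<id>", resp.body)
    return resp.status, headers, re.sub(r"\s+", " ", body).strip()

def distinguishing_fields(known_user, unknown_user):
    """List the response parts that differ between the two failed logins."""
    s1, h1, b1 = normalise(known_user)
    s2, h2, b2 = normalise(unknown_user)
    diffs = ["status"] if s1 != s2 else []
    diffs += ["header:" + k for k in sorted(set(h1) | set(h2)) if h1.get(k) != h2.get(k)]
    if b1 != b2:
        diffs.append("body")
    return diffs

# Constructed sample responses (assumptions, not captured from Tomcat).
FORM = '<form action="j_security_check;jsessionid=%s"> <p>Login failed</p>'
LEAKY_KNOWN = Response(200, {"Date": "Fri, 12 Jun 2009 10:00:00 GMT",
                             "Set-Cookie": "JSESSIONID=0A1B2C; Path=/app"}, FORM % "0A1B2C")
LEAKY_UNKNOWN = Response(302, {"Date": "Fri, 12 Jun 2009 10:00:01 GMT",
                               "Location": "/app/error.jsp"}, "")
UNIFORM_KNOWN = LEAKY_KNOWN
UNIFORM_UNKNOWN = Response(200, {"Date": "Fri, 12 Jun 2009 10:00:02 GMT",
                                 "Set-Cookie": "JSESSIONID=9F8E7D; Path=/app"}, FORM % "9F8E7D")

if __name__ == "__main__":
    print("leaky pair:", distinguishing_fields(LEAKY_KNOWN, LEAKY_UNKNOWN))
    print("uniform pair:", distinguishing_fields(UNIFORM_KNOWN, UNIFORM_UNKNOWN))
```

An empty result means the two failures are indistinguishable at the HTTP level; it says nothing about response-time differences, which need a separate measurement.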