As of June 26, 2009, Cenzic added its 101st SmartAttack to its latest 6.0 product suite: HTTP Parameter Pollution Vulnerability (version 1.0). Published just a few days back, the HTTP Parameter Pollution Vulnerability is one of the newest ways hackers can exploit Web applications. It pinpoints the anomaly in handling multiple occurrences of the same parameter by various platforms. This vulnerability plays the role of the "enabler", which can be exploited by an attacker to further craft complex and destructive attacks. Due to the devastating nature of this attack, we created a new SmartAttack immediately to enable our customers to detect such vulnerabilities and avoid further attacks. Web Server Vulnerabilities SmartAttack Update In this week’s update, we’ve also enhanced our Web Server Vulnerabilities SmartAttack to it can detect the PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability (BugtraqID 35440). PHP is prone to a denial-of-service vulnerability in its 'exif_read_data()' function. Successful exploits may allow remote attackers to cause denial-of-service conditions in applications that use the vulnerable function. Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types. by
Erin Swanson
Eswanson@cenzic.com | 
