July 24, 2009

By detecting an IBM WebSphere Authentication Bypass Vulnerability and updating 4 other SmartAttacks, Cenzic provides even more robust Web application security.

As of July 24, 2009, Cenzic now detects the IBM WebSphere IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability (Bugtraq ID 35671). The IETF and W3C XML Digital Signature Specification is prone to an authentication bypass vulnerability. Attackers may exploit this issue to forge signatures for arbitrary XML data, which may lead to further attacks.

Enhancements to Cenzic Fault Injection SmartAttacks

The following Fault Injector SmartAttacks were enhanced to improve scanning accuracy and reduce scan time. By accepting two new parameters, ‘URLs To Inject’ and ‘Fields To Inject’, a scan can be narrowed down to one specific request and/or field. This feature is useful for quick micro-scans of newly added fields or for preventing these Fault Injector SmartAttacks from injecting irrelevant fields.

- Unix Command Injection (Version 1.5.6)
- Unix Relative Path (Version 1.5.6)
- Windows Command Injection (Version 1.5.6)
- Windows Relative Path (Version 1.5.6)
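The HMAC truncation authentication bypass described above comes down to a verifier honouring whatever HMACOutputLength a signature asks for, so the defensive fix is to reject weak truncation before any MAC bytes are compared. The Python below is an added example written for this page; it is not Cenzic's or IBM's code. It assumes a policy of at least 80 bits and at least half of the digest length (my reading of the post-fix guidance for XML Signature), uses HMAC-SHA1 as the example SignatureMethod, MACs the raw SignedInfo bytes (XML canonicalization is omitted for brevity), and the SignedInfo fragments it checks are constructed sample input.

```python
import hmac
import hashlib
import xml.etree.ElementTree as ET

DS_NS = "{http://www.w3.org/2000/09/xmldsig#}"

# Assumed policy (mine, not the article's): a truncated HMAC must keep at
# least 80 bits and at least half of the digest length.
MIN_ABSOLUTE_BITS = 80


def effective_output_bits(signed_info_xml: str, digest_bits: int) -> int:
    """Return the HMAC output length (in bits) that a SignedInfo requests.

    An absent HMACOutputLength means the full digest. A present value is
    rejected with ValueError when it is not an integer, is outside
    1..digest_bits, or truncates below the policy floor. This check has to
    run before any MAC comparison; accepting the value as-is is the bug.
    """
    root = ET.fromstring(signed_info_xml)
    node = root.find(f"{DS_NS}SignatureMethod/{DS_NS}HMACOutputLength")
    if node is None:
        return digest_bits
    try:
        bits = int((node.text or "").strip())
    except ValueError:
        raise ValueError("HMACOutputLength is not an integer") from None
    floor = max(MIN_ABSOLUTE_BITS, digest_bits // 2)
    if bits <= 0 or bits > digest_bits:
        raise ValueError(f"HMACOutputLength {bits} outside 1..{digest_bits}")
    if bits < floor:
        raise ValueError(f"HMACOutputLength {bits} below policy minimum {floor}")
    return bits


def truncated_hmac_sha1(key: bytes, data: bytes, out_bits: int) -> bytes:
    """Leftmost out_bits of HMAC-SHA1, the way XML DSig defines truncation."""
    full = hmac.new(key, data, hashlib.sha1).digest()
    n = (out_bits + 7) // 8
    head = full[:n]
    spare = n * 8 - out_bits
    if spare:
        # Clear the low bits of the final byte that fall outside out_bits.
        mask = (0xFF << spare) & 0xFF
        head = head[:-1] + bytes([head[-1] & mask])
    return head


def verify(key: bytes, signed_info_xml: str, signature: bytes) -> bool:
    """Policy check first, then a constant-time compare of the truncated MAC.

    Simplification: the MAC covers the raw SignedInfo bytes; a real verifier
    canonicalizes SignedInfo first.
    """
    bits = effective_output_bits(signed_info_xml, digest_bits=160)
    expected = truncated_hmac_sha1(key, signed_info_xml.encode("utf-8"), bits)
    return hmac.compare_digest(expected, signature)


def signed_info(output_length=None) -> str:
    """Constructed sample SignedInfo (hmac-sha1) with an optional HMACOutputLength."""
    tag = ""
    if output_length is not None:
        tag = f"<ds:HMACOutputLength>{output_length}</ds:HMACOutputLength>"
    return (
        '<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
        '<ds:CanonicalizationMethod '
        'Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>'
        '<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">'
        f"{tag}</ds:SignatureMethod>"
        "</ds:SignedInfo>"
    )


if __name__ == "__main__":
    key = b"constructed-shared-key"  # constructed sample key
    good = signed_info(80)
    sig = truncated_hmac_sha1(key, good.encode("utf-8"), 80)
    print("80-bit truncation accepted:", verify(key, good, sig))
    try:
        verify(key, signed_info(8), b"\x00")
    except ValueError as exc:
        print("8-bit truncation rejected:", exc)
```

The order of operations is the point: `verify` never derives an expected MAC for a SignedInfo whose HMACOutputLength fails policy, so a signature carrying a tiny output length is refused regardless of its MAC bytes. A scanner finding for this issue is best triaged by confirming the verifier in use enforces such a floor.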
Background on Cenzic’s SmartAttacks

Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but are not limited to) cross-site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by Erin Swanson, Marketing
Eswanson@cenzic.com