THE CENZIC BLOG
November 14, 2008

Cenzic Updates Web Server and Cross-Site Scripting Vulnerability SmartAttacks

Cenzic provides enhanced support for its Web Server and Cross-Site Scripting Vulnerability SmartAttacks

On November 14, 2008, Cenzic added enhanced support to both their Web Server and Cross-Site Scripting Vulnerability SmartAttacks. Details about these updates are listed below.

Cross-Site Scripting Vulnerability SmartAttack

  • A feature addition and a bug fix were added to our Cross-Site Scripting SmartAttack at the request of a customer who needed an enhanced way to detect this vulnerability.

Web Server Vulnerability SmartAttack

  • Apache Tomcat Exception Handling Information Disclosure (CVE-2008-0002)
    • A security issue has been reported in Apache Tomcat in which exceptions that occur while request parameters are being processed are handled improperly. If an exception takes place (e.g. the connection is closed), the same parameters can be processed in a subsequent request.
    • Details are available at: http://secunia.com/advisories/28834/

To learn more about how you can automatically update your Cenzic Hailstorm product, visit our Website.

Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customers’ Websites to assess their security posture. These Web application vulnerabilities include (but are not limited to) cross-site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by
Erin Swanson
ESwanson@cenzic.com

