June 19, 2009

Cenzic Detects an Apache Tomcat XML Parser Information Disclosure Vulnerability

An Apache Tomcat XML Parser Information Disclosure Vulnerability is now detectable in the Cenzic Web Server SmartAttack

As of June 19, 2009, Cenzic can detect the Apache Tomcat XML Parser Information Disclosure Vulnerability (BugtraqID 35416). Apache Tomcat is prone to an Information Disclosure Vulnerability where attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by
Erin Swanson
Eswanson@cenzic.com


	Apache Tomcat XML Parser Information Disclosure Vulnerability
	Learn more about this vulnerability on Security Focus
	http://www.securityfocus.com/bid/35416/

Topic Tags: apache, information disclosure vulnerability

by Erin Swanson

↑top

link to this

Post a Comment

Title:

Summary:

Comment:

Links:

Your info:

Name:		Required; will be displayed with comment.
E-mail:		Required (in case we need to contact you); will NOT be displayed with comment.
Web:		Optional; will use to hyperlink your name in the comment.
Twitter:		Optional; allows visitors to follow you on Twitter.
Save this in my browser

Verification:

Type the characters you see in the picture above.

Letters are case sensitive.

Notice: Your thoughtful opinions are valued and encouraged, but all comments are moderated so there will be a delay between the time you post your comment and when it appears in this site. Please don't be offended if your comment is edited for clarity or to avoid questionable matters. Offensive or off-topic comments will be deleted.