January 29, 2010

Weekly product update – Cenzic detects 3 Apache Tomcat Vulnerabilities

As of January 29, 2010, Cenzic now detects 3 Apache Tomcat vulnerabilities in its product suite. All of the vulnerabilities affect the following Apache Tomcat versions:
- Tomcat 5.5.0 through 5.5.28
- Tomcat 6.0.0 through 6.0.20
- Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability (BugtraqID 37942)
Apache Tomcat is prone to an authentication-bypass vulnerability. An attacker can gain unauthorized access to files and directories. Successful exploits may lead to other attacks.
- Apache Tomcat WAR File Directory Traversal Vulnerability (BugtraqID 37944)
Apache Tomcat is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue allows attackers to delete or overwrite arbitrary files within the context of the webserver.
- Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability (BugtraqID 37945)
Apache Tomcat is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue allows attackers to delete arbitrary files within the context of the current working directory.
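The two WAR-file traversal issues above come down to archive entry names (for example ones containing "..") that, when the WAR is expanded, resolve to a path outside the directory the application is supposed to be deployed into. The following pre-deployment check, added here as an illustration and not code from Cenzic or the Tomcat project, builds a small constructed WAR in memory and reports every entry that would escape an assumed appBase directory; the path "/var/lib/tomcat/webapps" and the sample entry names are assumptions chosen for the demonstration.

```python
import io
import os
import zipfile
from typing import Dict, List


def war_entry_escapes(appbase: str, entry_name: str) -> bool:
    """Return True if expanding `entry_name` under `appbase` would land
    outside `appbase` (directory traversal) or at an absolute path."""
    # Zip entry names use '/' separators; reject absolute and drive-letter names.
    name = entry_name.replace("\\", "/")
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return True
    base = os.path.realpath(appbase)
    target = os.path.realpath(os.path.join(base, *name.split("/")))
    # After normalisation, a safe entry still shares `base` as its common prefix.
    return os.path.commonpath([base, target]) != base


def find_traversal_entries(war_bytes: bytes, appbase: str) -> List[str]:
    """List every entry in a WAR (a zip archive) that would escape `appbase`."""
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        return [n for n in war.namelist() if war_entry_escapes(appbase, n)]


def build_sample_war(entries: Dict[str, bytes]) -> bytes:
    """Constructed test archive: zipfile writes entry names verbatim, so a
    crafted name such as '../x' survives exactly as it would in a hostile WAR."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for name, data in entries.items():
            war.writestr(name, data)
    return buf.getvalue()


# Constructed sample: two legitimate entries and two that must be rejected.
SAMPLE_WAR = build_sample_war({
    "WEB-INF/web.xml": b"<web-app/>",
    "index.jsp": b"<%= 1 + 1 %>",
    "../../conf/tomcat-users.xml": b"<tomcat-users/>",  # climbs out of appBase
    "/etc/passwd": b"",                                  # absolute path
})

if __name__ == "__main__":
    # Assumed deployment directory for the demonstration.
    for bad in find_traversal_entries(SAMPLE_WAR, "/var/lib/tomcat/webapps"):
        print("refusing to deploy: entry escapes appBase:", bad)
```

Because `os.path.realpath` resolves symlinks, the check also catches entries that route through a symlinked subdirectory, which a plain string-prefix comparison would miss.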
Background on Cenzic’s SmartAttacks

Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but are not limited to) cross-site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.
by Erin Swanson (Eswanson@cenzic.com)