July 23, 2010

Weekly product update – Cenzic detects an Oracle WebLogic Server Encoded URL Remote Vulnerability & Updates 1 SmartAttack™

As of July 23, 2010 Cenzic now detects an Oracle WebLogic Server Encoded URL Remote Vulnerability (BugtraqID 41620). Oracle WebLogic Server is prone to a remote vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'Plugins for Apache, Sun and IIS web servers' privileges.
We also enhanced our Acquire Session ID SmartAttack™ to find Web application session information more accurately to aid the user in running session SmartAttacks out-of-the-box.
Background on Cenzic’s SmartAttacks

Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but are not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.
by Erin Swanson Eswanson@cenzic.com