SmartAttack™ Library Update Readme
The following SmartAttacks and/or SmartAttack™ technologies have been
added or updated in this release:
- CIA Web Server Configuration
- Apache Tomcat Exception Handling Information Disclosure; CVE Reference:CVE-2008-0002, Secunia Advisory:SA28834
- A security issue has been reported in Apache Tomcat, which can be exploited by malicious people to disclose potentially sensitive information.
- The security issue is caused due to the improper handling of exceptions taking place when the request parameters are being processed. This can lead to the processing of the same parameters in a subsequent request if an exception takes place (e.g. the connection is closed).
- The security issue is reported in versions 6.0.5 through 6.0.15.
- Detailed information is available at: http://secunia.com/advisories/28834/
- Solution: Update to version 6.0.16.
5.5au Manual Updater
https://www.cenzic.com/download/ManualUpdater/11142008fdjfd8edeije9/Manualupdate_55_release_au.exe
CHSupdate_55_release_au.exe
It contains 5.5 updates up to 5.5au release.
Instructions to run the exe:
- Double click on
CHSUpdater_55.exe.
Note: This update applies only to Cenzic Hailstorm 5.5 and higher. If
you have not updated to 5.5 yet, please contact Cenzic Support at
support@cenzic.com or 1-866-4CENZIC
Cenzic's dedicated CIA experts focus exclusively on perform ongoing
research to not only analyze known vulnerabilities but also discover new
or undisclosed vulnerabilities in custom, commercial, and open-source
applications, and to make this information available to customers and to
the community at large in the form of publications and security
alerts. The CIA Web Server Configuration SmartAttack™ was created so that
recently discovered vulnerabilities can be integrated into Hailstorm on a
fast-response basis.
|
