Securing Enterprise Applications - Cenzic

SmartAttack™ Library Update Readme

The following SmartAttacks and/or SmartAttack™ technologies have been added or updated in this release:

  • SQL Disclosure SmartAttack™
    • SA Release Type: SA Feature Addition. SQL Disclosure now generates a report item for every 5xx response and for every injection that receives no response at all, which makes it consistent with other FIs. In addition, the Error Page Match Expression parameter was previously ignored by this SA; it is now honoured and works as expected.
  • Web Server Vulnerabilities SmartAttack™
    • Apache Tomcat Multiple Vulnerabilities; CVE Reference: CVE-2007-5333, CVE-2007-6286, SA26466. Some vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to manipulate certain data or to disclose sensitive information.
      1. An error exists within the native (APR based) connector when handling SSL requests. This can be exploited to trigger the duplicate processing of a recent request by connecting to the SSL port and disconnecting without sending data. The vulnerability is reported in versions 5.5.11 to 5.5.25, and 6.0.0 to 6.0.15.
      2. Input containing a quote or a %5C character in cookie values is incorrectly handled in an unspecified way, which can be exploited to disclose sensitive information including session IDs. The vulnerability is reported in versions 5.5.0 to 5.5.25, and 6.0.0 to 6.0.14.
      Detailed information is available at: http://secunia.com/advisories/28878/
      Solution: Update to version 5.5.26 or 6.0.16.
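The SQL Disclosure change above describes a reporting rule rather than a payload: every 5xx, every injection that gets no answer, and any body matching the Error Page Match Expression produces a report item. The following is an added illustration of that rule, written for this page and not code from Cenzic or Hailstorm. The `InjectionResponse` records, the `classify`/`report_items` function names and the regular expression used as the Error Page Match Expression value are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Pattern, Tuple


@dataclass
class InjectionResponse:
    """What the scanner observed after sending one injected request.

    status is None when the server never answered (timeout or dropped
    connection); the release note treats that case as reportable, like a 5xx.
    """
    parameter: str
    status: Optional[int]
    body: str


def classify(resp: InjectionResponse, error_page: Optional[Pattern]) -> Optional[str]:
    """Return why a report item is raised, or None if the response is unremarkable.

    Order matters: a missing response is checked first, then the status class,
    and only then is the (optional) Error Page Match Expression applied to the body.
    """
    if resp.status is None:
        return "no-response"
    if 500 <= resp.status <= 599:
        return f"http-{resp.status}"
    if error_page is not None and error_page.search(resp.body):
        return "error-page-match"
    return None


def report_items(responses: List[InjectionResponse],
                 error_page_expression: Optional[str]) -> List[Tuple[str, str]]:
    """Apply the reporting rule to every response and collect (parameter, reason) pairs.

    An empty or None expression disables the body match, which is the behaviour
    the release note describes as broken in earlier releases (parameter ignored).
    """
    pattern = re.compile(error_page_expression, re.IGNORECASE) if error_page_expression else None
    items: List[Tuple[str, str]] = []
    for resp in responses:
        reason = classify(resp, pattern)
        if reason is not None:
            items.append((resp.parameter, reason))
    return items


# Constructed sample responses; not real scan output.
SAMPLE_RESPONSES = [
    InjectionResponse("id", 500, "<html>Internal Server Error</html>"),
    InjectionResponse("q", None, ""),
    InjectionResponse("name", 200, "Warning: ODBC error while executing query"),
    InjectionResponse("page", 200, "<html>Welcome back</html>"),
]

# Hypothetical value for the Error Page Match Expression parameter (constructed).
ERROR_PAGE_EXPRESSION = r"ODBC error|ORA-\d{5}|SQL syntax"


if __name__ == "__main__":
    for param, reason in report_items(SAMPLE_RESPONSES, ERROR_PAGE_EXPRESSION):
        print(f"report item: parameter={param} reason={reason}")
```

With the expression set, three of the four constructed responses become report items; with it left empty, only the 5xx and the no-response cases do, which is the difference between the old and new behaviour the note describes.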
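The two Tomcat items above give inclusive affected ranges and two fixed versions. An inventory check that maps a discovered Tomcat version onto those ranges is a practical defensive companion to the SmartAttack; the code below is an added example for this page, not Cenzic's or the Tomcat project's code. The range table and fixed versions are taken verbatim from the advisory text; the function names and the `Apache Tomcat/x.y.z` banner regex (the string Tomcat's default error pages carry) are this example's own.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive affected ranges, exactly as listed in the advisory items above.
AFFECTED_RANGES: Dict[str, List[Tuple[str, str]]] = {
    "item 1: APR connector SSL duplicate request": [("5.5.11", "5.5.25"), ("6.0.0", "6.0.15")],
    "item 2: quote / %5C in cookie values": [("5.5.0", "5.5.25"), ("6.0.0", "6.0.14")],
}

# Fixed releases named in the advisory's Solution line, keyed by branch.
FIXED_BY_BRANCH: Dict[Tuple[int, int], str] = {(5, 5): "5.5.26", (6, 0): "6.0.16"}


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' (trailing qualifiers such as '-beta' are ignored)."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Tomcat version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def extract_tomcat_version(banner: str) -> Optional[str]:
    """Pull the version out of a default error-page banner like 'Apache Tomcat/6.0.14'."""
    m = re.search(r"Apache Tomcat/(\d+\.\d+\.\d+)", banner)
    return m.group(1) if m else None


def affected_items(version_text: str) -> List[str]:
    """Return the advisory items whose affected range contains this version."""
    v = parse_version(version_text)
    hits: List[str] = []
    for name, ranges in AFFECTED_RANGES.items():
        for lo, hi in ranges:
            if parse_version(lo) <= v <= parse_version(hi):
                hits.append(name)
                break  # one matching range per item is enough
    return hits


def recommended_upgrade(version_text: str) -> Optional[str]:
    """Name the fixed release for the version's branch, or None if the advisory
    does not cover that branch (it only lists 5.5.x and 6.0.x)."""
    major, minor, _ = parse_version(version_text)
    return FIXED_BY_BRANCH.get((major, minor))


if __name__ == "__main__":
    # Constructed banner, as seen on a default Tomcat error page.
    banner = "<h3>Apache Tomcat/6.0.15</h3>"
    found = extract_tomcat_version(banner)
    print("version:", found)
    print("affected by:", affected_items(found))
    print("upgrade to:", recommended_upgrade(found))
```

Note that 6.0.15 is affected by item 1 only, because item 2 stops at 6.0.14; both items cover 5.5.25, and neither covers the fixed releases 5.5.26 and 6.0.16.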
5.7s Manual Updater

https://www.cenzic.com/download/ManualUpdater/11072008nj9eijeimceo9/Manualupdate_57_release_s.exe

CHSupdate_57_release_s.exe

It contains all 5.7 updates up to and including the 5.7s release.

Instructions to run the exe:
  1. Double click on CHSUpdater_57.exe.

Note: This update applies only to Cenzic Hailstorm 5.7 and higher. If you have not updated to 5.7 yet, please contact Cenzic Support at support@cenzic.com or 1-866-4-CENZIC.

Cenzic's dedicated CIA experts focus exclusively on ongoing research that not only analyzes known vulnerabilities but also discovers new or undisclosed vulnerabilities in custom, commercial, and open-source applications, and they make this information available to customers and to the community at large in the form of publications and security alerts. The CIA Web Server Configuration SmartAttack™ was created so that recently discovered vulnerabilities can be integrated into Hailstorm on a fast-response basis.


© Copyright 2008 Cenzic