Securing Enterprise Applications - Cenzic

SmartAttack™ Library Update Readme

The following SmartAttacks and/or SmartAttack™ technologies have been added or updated in this release:

  • Cross-Site Scripting SmartAttack™ (Version 2.0.15)
    • SA Release Type: SA Feature Addition and SA Bugfix
      1. Keeping in mind the evolving nature of Web application designs and recent observations of new designs by our customers, the Cross-Site Scripting SmartAttack has been upgraded for improved detection of vulnerabilities.
      2. The SmartAttack has been upgraded and equipped to detect the content in the Alert. As soon as the SmartAttack comes across such Alert content in the Cenzic format, it is considered irrespective of the parent window.
      3. Additionally, based on our customer requests, we have added new helpful remediation tips for ColdFusion-based applications.
      4. It also features improved injection highlighting for special cases, which further increases the span of the highlighting feature.
  • Web Server Vulnerabilities SmartAttack™
    • Apache Tomcat Exception Handling Information Disclosure; CVE Reference: CVE-2008-0002, Secunia Advisory: SA28834
      1. A security issue has been reported in Apache Tomcat, which can be exploited by malicious people to disclose potentially sensitive information.
      2. The security issue is caused by improper handling of exceptions that occur while the request parameters are being processed. If an exception takes place (e.g. the connection is closed), the same parameters can be processed in a subsequent request.
      3. The security issue is reported in versions 6.0.5 through 6.0.15.
      4. Detailed information is available at: http://secunia.com/advisories/28834/
      5. Solution: Update to version 6.0.16.
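
A simplified model of the failure described in the Tomcat item above, added here as an illustration and not taken from Tomcat's source or from Cenzic. It assumes a request object that is reused between requests (all class and function names are hypothetical) and shows why cleanup has to run on the exception path as well as the success path.

```python
class RecycledRequest:
    """Request object reused across requests on one worker (assumption of this model)."""

    def __init__(self):
        self.params = {}

    def parse(self, query):
        # Parameters are stored as they are parsed, so a failure part-way
        # through leaves the earlier ones behind in self.params.
        for pair in query.split("&"):
            if "=" not in pair:
                raise ValueError("input ended mid-parameter")
            name, value = pair.split("=", 1)
            self.params[name] = value

    def recycle(self):
        self.params = {}


def handle_flawed(req, query):
    """Resets per-request state only on the success path."""
    req.parse(query)
    seen = dict(req.params)
    req.recycle()  # never reached when parse() raises
    return seen


def handle_fixed(req, query):
    """Resets per-request state on every exit path."""
    try:
        req.parse(query)
        return dict(req.params)
    finally:
        req.recycle()


def replay(handler):
    """Run an aborted request, then an unrelated one, on the same object."""
    req = RecycledRequest()
    try:
        # Constructed input: the request is cut off in the third parameter.
        handler(req, "account=alice&token=SAMPLE-1&trunc")
    except ValueError:
        pass  # the first client never receives a response
    # Constructed input standing in for a different client's request.
    return handler(req, "page=2")
```

With the flawed handler the second request is processed together with the first request's `account` and `token` values; with the fixed handler it sees only its own parameter.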
5.7t Manual Updater

https://www.cenzic.com/download/ManualUpdater/11142008fdjfd8edeije9/Manualupdate_57_release_t.exe

CHSupdate_57_release_t.exe

It contains 5.7 updates up to 5.7t release.

Instructions to run the exe:
  1. Double click on CHSUpdater_57.exe.

Note: This update applies only to Cenzic Hailstorm 5.7 and higher. If you have not updated to 5.7 yet, please contact Cenzic Support at support@cenzic.com or 1-866-4CENZIC.

Cenzic's dedicated CIA experts focus exclusively on performing ongoing research, not only to analyze known vulnerabilities but also to discover new or undisclosed vulnerabilities in custom, commercial, and open-source applications, and to make this information available to customers and to the community at large in the form of publications and security alerts. The CIA Web Server Configuration SmartAttack™ was created so that recently discovered vulnerabilities can be integrated into Hailstorm on a fast-response basis.



© Copyright 2008 Cenzic