Application vulnerability assessment, Anti phishing solution, penetration testing : Cenzic

- Top Vulnerabilities

- Resources

- Alerts

- Disclosure Guidelines

- Library Updates

- Cenzic Newsletter

- White Paper Download

CIA RESEARCH

Alerts

[CIA-1072-Alert] IBM WebSphere Application Server Input Validation Vulnerability

Summary:

HTTP Request Smuggling vulnerabilities were discovered in multiple versions of the Sun Java System web server, application server, web server and proxy server.

Technical Details:

Sites running an affected version should apply the appropriate security fix from Sun. HTTP Request Smuggling vulnerabilities allow an attacker to remote tamper with the HTTP response content of a vulnerable platform, facilitating a range of attacks including content spoofing, phishing, server cache poisoning and manipulation, and variations of script injection attacks. The following platforms are affected:

SPARC Platform

Sun Java System Proxy Server 3.6 without Service Pack 8
Sun Java System Proxy Server 4.0 without Service Pack 1
Sun Java System Web Server 6.0 without Service Pack 10
Sun Java System Web Server 6.1 2005Q1 Sun ONE Application Server 7 without Update 8
Sun Java System Application Server 7 2004Q2 without Update 4
Sun Java System Application Server Enterprise Edition 8.1 2005 Q1
Sun Java System Application Server Platform Edition 8.1 2005 Q1

x86 Platform

Sun Java System Application Server Enterprise Edition 8.1 2005 Q1
Sun Java System Application Server Platform Edition 8.1 2005

Linux Platform

Sun Java System Application Server Enterprise Edition 8.1 2005 Q1
Sun Java System Application Server Platform Edition 8.1 2005 Q1

Windows Platform

Sun Java System Application Server Enterprise Edition 8.1 2005 Q1
Sun Java System Application Server Platform Edition 8.1 2005 Q1

Solution:

Apply the appropriate security fix from Sun. Note: Link requires a Sun support account.

CVE Reference:

CVE-2006-6276

SecurityTracker Number(s):

1017324
1017323
1017322

Vendor URL:

Sun

About the Cenzic CIA Team:

Cenzic Intelligent Analysis (CIA) is Cenzic's research arm that focuses on continuous research for application vulnerabilities. Industry Research, Vulnerability assessment, penetration testing, and security testing - that's what Cenzic Intelligent Analysis Research is all about. Cenzic has dedicated experts whose sole job is to perform ongoing research to find not only common vulnerabilities but also vulnerabilities found in customer applications and make them available to our customers and to the community at large.

About Cenzic:

Cenzic provides Hailstorm^® the revolutionary enterprise software suite for automated application security assessment and compliance that allows corporations and government organizations to dramatically improve the security of commercial and custom applications. Hailstorm enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities, and verify compliance with security policies. Benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Cenzic's customers are currently in the financial services and e-marketplaces sectors. For more information visit www.cenzic.com or call 1-866-4-CENZIC


>	Datasheet: Hailstorm Enterprise ARC
>	Datasheet: Hailstorm Pro
>	Datasheet: Hailstorm Starter
>	Datasheet: Hailstorm Core
>	White Paper: Beyond Simple Vulnerabilities Scanning
>	White Paper: Cross Frame Scripting
>	White Paper: Cenzic Imperative Assessment Plan
>	White Paper: Enabling Security in the Software Development Lifecycle (PDF)