Cenzic Expands Its Library of Plug-Ins for Nessus Security Scanner
Latest Set of Free Plug-Ins for Nessus Security Scanner Helps Identify Common Web Application Infrastructure Vulnerabilities
Apr. 5, 2006 04:19 PM
SANTA CLARA, CA -- (MARKET WIRE) -- 04/05/06 -- Cenzic, Inc. today released the fourth set
in a series of plug-ins for the popular Nessus security scanner. The
announcement expands on Cenzic's contribution to the open source community,
further helping businesses leverage open source solutions to tackle common
security challenges. The plug-ins are available for download immediately
from the Cenzic web site at http://www.cenzic.com/nasl.html.
Cenzic® Hailstorm® helps companies protect their web-based applications
from potential security threats by emulating the way real hackers work in
order to test applications for security vulnerabilities and compliance
issues. By assessing applications in a stateful manner, Cenzic provides
companies with highly accurate results without the "false positives" often
associated with scanning-based solutions, as well as tests for application
logic issues and policy compliance for internal policies and regulatory
standards.
Cenzic is also the only company in the industry to have both a
state-of-the-art software solution, Cenzic Hailstorm, and a managed
service, ClickToSecure(TM), allowing enterprises the flexibility to use
either solution or both based on their needs. While some prefer using the
software solution, many enterprises prefer the managed service model to
avoid deploying internal resources and still have the ability to leverage
a powerful and accurate technology.
The following plug-ins are available immediately for free download:
1. WebLogic Crystal Reports flaw: A remote user can view and delete
arbitrary files or consume disk space on the target system. BEA's WebLogic
8.1 includes Crystal Reports and is therefore affected.
2. Sun Java Server installation path disclosure exploit: An information
disclosure vulnerability was reported in the Sun Java Application Server,
which allows a remote user to determine the installation path.
3. MySQL Server version 3.23 vulnerabilities: A remote authenticated user
may be able to gain elevated privileges or cause denial of service
conditions.
4. WebLogic administrative password disclosure: BEA reported that a remote
or local WebLogic Server or WebLogic Express user with the ability to
install and execute code within the target WebLogic Server can obtain
administrative username and password information. The information can then
be used to log in as the Administrator or Operator user account that booted
the server.
5. WebLogic clear text passwords in scripts: BEA Systems reported that some
scripts used to run command-line utilities and administrative tasks might
contain clear text passwords, which make these passwords accessible to
local users.
6. WebLogic Ant tasks admin password disclosure: It is reported that when
an administrator is using the WebLogic Server and Express wldeploy,
wlserver, or wlconfig Ant tasks, the administrator's password is echoed to
the screen. A physically local user may therefore be able to view the
password as it is typed. It is also reported that log files containing the
output of the Ant tasks will include the password. Sites that use the Ant
tasks for controlling the server are reportedly affected.
7. WebLogic webxml patterns: A vulnerability was reported in WebLogic
Server and WebLogic Express when running on operating systems that have
case-sensitive filenames but loading applications from systems that do not
support case-sensitive filenames. Some URL patterns in the web.xml file may
not be processed properly, causing access controls to be applied
incorrectly.
8. WebLogic writes admin password in clear text: In BEA WebLogic Server
and Express version 8.1 (including Service Pack 1), a local user may be
able to view the administrator's password. It is reported that the
config.xml file may contain the administrator password used to boot the
server. The password will reportedly be in clear text.
9. WebLogic delete access control tags: A vulnerability was reported in
BEA WebLogic Server and Express sites that use WebLogic Builder to edit
weblogic.xml files or use the SecurityRoleAssignmentMBean.toXML() method.
BEA Systems reported that if a weblogic.xml file contains
<security-role-assignment> tags that do not contain any <principal-name>
tags, the tags may be removed due to a coding error when edited using
WebLogic Builder or processed using the SecurityRoleAssignmentMBean.toXML()
method. The Servlet container will then assign defaults for the security
roles (a group of the same name is the default). As a result, a remote user
may be able to gain unauthorized access to the web application.
10. WebLogic authentication incorrect privileges: In BEA WebLogic Server
and WebLogic Express in the WebLogic Authentication provider, a group may
be assigned elevated privileges in certain cases. BEA reported that
WebLogic Server and WebLogic Express sites that use the WebLogic
Authentication provider as the default authentication provider in a
security realm may be affected.
11. PHP array processing error lets remote users overwrite memory: In PHP
5.0.1 and prior versions in the processing of MIME data, a remote user may
be able to cause memory to be overwritten.
12. MySQL double quote query remote DoS: In MySQL, a remote authenticated
user with the ability to issue SQL commands can cause the database to
crash.
13. PHP array parsing disclose memory contents: In PHP in the phpinfo()
function, a remote user may be able to obtain memory contents. An array
parsing error in php_variables.c may cause the system to display arbitrary
memory contents. A remote user can append a GET, POST, or COOKIE variable
array to a request to trigger the flaw.
14. Sun JavaAS SOAP request processing remote users DoS: In the Sun Java
Application Server in the processing of SOAP requests, a remote user can
cause denial of service conditions on the target system.
About Cenzic
Cenzic is a leading provider of the next-generation enterprise software and
a leading Managed Service offering for automated application security
assessment and compliance that allows Fortune 1000 corporations, mid-sized
corporations, and government organizations to dramatically improve the
security of web applications. Cenzic® Hailstorm®, the most accurate and
extensible product in the industry, enables security experts, QA
professionals, and developers to work together to assess, analyze, and
remediate applications for security vulnerabilities. Hailstorm benefits
include reduced security risk and liability, lower development and testing
costs, and faster time-to-market. Cenzic's ClickToSecure(TM) service is one
of the industry's first Software as a Service (SaaS) to combine the power
of an enterprise-class application security assessment product with the
flexibility of a managed security service. Cenzic Assessment Methodology
completes the solution with a state-of-the-art business process consulting
service to help customers improve their application security methodologies.
Cenzic solutions are the most accurate, comprehensive, and extensible in
the industry. Cenzic's current focus includes financial services, e-retail,
healthcare, and government sectors. For more information, visit
www.cenzic.com.
Disclaimer: Nessus is a trademark of Tenable Network Security. Cenzic, Inc.
products are not affiliated with or otherwise approved by Tenable.
CONTACT:
Jason Throckmorton or Jesse Odell
LaunchSquad
415-625-8555