CVE-2024-21733 Apache Tomcat HTTP Request Smuggling

CVE-2024-21733 Apache Tomcat HTTP Request Smuggling

Our security research team recently discovered a critical “0day” vulnerability which was assigned CVE-2024-21733. The vulnerability was discovered by xer0dayz from Sn1perSecurity LLC and allows attackers to force a victim’s browser to de-synchronize its connection with websites hosted on top of Apache Tomcat, causing sensitive data to be smuggled from the server and/or client connections. In some cases, this can leak sensitive data such as clear-text credentials.

Severity: CRITICAL | Exploit Available: Yes | Exploitability: Easy | Remotely Exploitable: Yes

(more…)

January 21, 2024 Attack Surface Management, Bug Bounties, CVE's, News, Penetration Testing, Threat Intelligence No comments yet
Sn1per SE Update

Sn1per Scan Engine v10.5 Released!
Sn1per SE (Scan Engine) v10.5 is now available with a ton of new features and improvements. This update is part of the Sn1per SE development branch which is available to Sn1per Professional v10.0 and Sn1per Enterprise customers. If you are a previous customer (ie. Sn1per Professional v9.0 or less) or if you use the Community Edition available on Github, you will need to purchase a Sn1per Professional v10.0 license to download and receive updates.

(more…)

January 1, 2024 News No comments yet
Sn1per-Enterprise-Released1

Sn1per Enterprise v20231025 Released!

We are pleased to announce the release of Sn1per Enterprise v20231025, packed with a multitude of new features and improvements exclusively for our Sn1per Enterprise customers. This blog post will provide a comprehensive overview of these latest additions. If you haven’t joined the Sn1per Enterprise community yet, feel free to request a quote or free trial to explore the benefits of this enhanced offering.

(more…)

October 29, 2023 News No comments yet

Sn1per Professional vs. Sn1per Enterprise: A Comprehensive Comparison

Confused about the difference between Sn1per Professional and Sn1per Enterprise? We’ve got you covered. In this blog post, we’ll dive into the key distinctions to help you make an informed decision.

(more…)

September 2, 2023 News, Uncategorized No comments yet
Automated Penetration Testing with Sn1per Enterprise

Automated Penetration Testing Guide – Your Ultimate Resource

In today’s digital landscape, cybersecurity plays a crucial role in protecting sensitive information. One effective method to bolster your security measures is through automated penetration testing. In this comprehensive guide, we will explore the world of automated penetration testing, its numerous benefits, and how it can become your ultimate resource for safeguarding your digital assets.

(more…)

June 14, 2023 Attack Surface Management, Penetration Testing, Red Team, Uncategorized, Vulnerability Scanning No comments yet