CVE-2024-21733 Apache Tomcat HTTP Request Smuggling

Our security research team recently discovered a critical “0day” vulnerability in Apache Tomcat which was assigned CVE-2024-21733. The vulnerability was discovered by xer0dayz of Sn1perSecurity LLC and allows an attacker to force a victim’s browser to de-synchronize its connection with websites hosted on Apache Tomcat, causing data from the server and/or other client connections to be smuggled into responses the attacker can read. In some cases, this leaks sensitive data such as clear-text credentials. Apache shipped the fix in Tomcat 8.5.64 and 9.0.44 and rates the issue Important; earlier 8.5.x releases back to 8.5.7 and 9.0.x releases back to 9.0.0.M11 are affected, so anything older than the fixed releases should be upgraded.

Severity: CRITICAL | Exploit Available: Yes | Exploitability: Easy | Remotely Exploitable: Yes

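A quick way to triage an estate for this issue is to compare each server's reported Tomcat version against the affected ranges. The following is an added example written for this page, not Sn1per's own detection code. The affected ranges are those published on the Apache Tomcat security pages for CVE-2024-21733 (8.5.7 through 8.5.63 and 9.0.0.M11 through 9.0.43, fixed in 8.5.64 and 9.0.44); the banner extraction assumes the stock Tomcat error page, which prints `Apache Tomcat/x.y.z` in its footer, and the HTML snippet it is run against is constructed for the example.

```python
import re
from typing import Optional, Tuple

# Affected ranges as published on the Apache Tomcat security pages for
# CVE-2024-21733: 8.5.7 through 8.5.63 and 9.0.0.M11 through 9.0.43.
# The fixed releases are 8.5.64 and 9.0.44.
FINAL = 10**6  # sentinel: a final release sorts after every milestone of it

Version = Tuple[int, int, int, int]

AFFECTED_RANGES = [
    ((8, 5, 7, FINAL), (8, 5, 63, FINAL)),
    ((9, 0, 0, 11), (9, 0, 43, FINAL)),
]

# Accepts "9.0.43", "9.0.0.M11" and the NVD spelling "9.0.0-M11".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")
# Footer printed by Tomcat's default error page (assumption: not customised away).
_BANNER_RE = re.compile(r"Apache Tomcat/(\d+\.\d+\.\d+(?:[.-]M\d+)?)")


def parse_tomcat_version(version: str) -> Version:
    """Turn a Tomcat version string into a tuple that compares correctly.

    Milestone builds (9.0.0.M11) must sort before the final 9.0.0 release,
    so the fourth element is the milestone number, or FINAL for a release.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version string: {version!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch),
            int(milestone) if milestone else FINAL)


def is_affected(version: str) -> bool:
    """True if the version falls inside any CVE-2024-21733 affected range."""
    v = parse_tomcat_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def extract_tomcat_version(body: str) -> Optional[str]:
    """Pull the version out of a default Tomcat error page body, if present."""
    m = _BANNER_RE.search(body)
    return m.group(1) if m else None


# Constructed sample of the footer a stock Tomcat 9.0.43 error page prints.
SAMPLE_ERROR_PAGE = (
    "<html><head><title>HTTP Status 404 - Not Found</title></head><body>"
    "<h1>HTTP Status 404 - Not Found</h1><hr class=\"line\" />"
    "<h3>Apache Tomcat/9.0.43</h3></body></html>"
)


def assess(body: str) -> str:
    """One-line verdict for a fetched error page body."""
    ver = extract_tomcat_version(body)
    if ver is None:
        return "version not disclosed; check the installed Tomcat manually"
    verdict = "AFFECTED, upgrade to 8.5.64/9.0.44 or later" if is_affected(ver) else "not affected"
    return f"Tomcat {ver}: {verdict}"


if __name__ == "__main__":
    print(assess(SAMPLE_ERROR_PAGE))
```

Feed `assess()` the body of any 404 response from a target; a server whose error page has been customised will return the "not disclosed" verdict, in which case check `RELEASE-NOTES` or `version.sh` on the host rather than assuming it is safe.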

Sn1per: The Next Generation of Tools for Security Professionals

In the past few years, we have seen a dramatic increase in the number of tools available to security professionals. This is a direct result of the increased demand for security services, as companies of all sizes recognize the importance of securing their networks and data. With so many tools on the market, it can be difficult to know which ones are worth your time and money. That’s why we’re excited to showcase Sn1per, the next generation of tools for security professionals.


Automate Your Security Workflow with Sn1per

5 Ways Sn1per Can Automate Your Security Workflow

If you’re in the security field, you know that there are a lot of moving parts to keep track of. It can be tough to stay on top of everything, and even tougher to find the time to do it all manually. That’s where Sn1per comes in: it automates various parts of your workflow so you can focus on the work that needs a human. In this blog post, we’ll show you five ways Sn1per can help you save time.


Confluence RCE via OGNL template injection (CVE-2022-26134)

A critical vulnerability affecting Atlassian Confluence Server and Data Center was disclosed and designated CVE-2022-26134. It allows an unauthenticated attacker to execute arbitrary code on vulnerable servers. A number of Proof-of-Concept (PoC) exploits have been published online and exploitation is being observed in the wild. Given the impact and severity of the vulnerability, Sn1perSecurity has released an out-of-band update to help detect vulnerable servers in your environment using Sn1per Professional and Sn1per Enterprise.

Severity: CRITICAL | Exploit Available: Yes | Exploitability: Easy | Remotely Exploitable: Yes


BIG-IP iControl REST RCE (CVE-2022-1388) Detection with Sn1per Professional

A critical vulnerability affecting F5 BIG-IP devices was disclosed and designated CVE-2022-1388. It allows an unauthenticated attacker to bypass iControl REST authentication and execute arbitrary code on vulnerable devices. A number of Proof-of-Concept (PoC) exploits have been published online and exploitation is being observed in the wild. Given the impact and severity of the vulnerability, Sn1perSecurity has released an out-of-band update to help detect vulnerable devices in your environment using Sn1per Professional.

Severity: CRITICAL | Exploit Available: Yes | Exploitability: Easy | Remotely Exploitable: Yes
