CVE-2024-21733 Apache Tomcat HTTP Request Smuggling

CVE-2024-21733 Apache Tomcat HTTP Request Smuggling

Our security research team recently discovered a critical “0day” vulnerability which was assigned CVE-2024-21733. The vulnerability was discovered by xer0dayz from Sn1perSecurity LLC and allows attackers to force a victim’s browser to de-synchronize its connection with websites hosted on top of Apache Tomcat, causing sensitive data to be smuggled from the server and/or client connections. In some cases, this can leak sensitive data such as clear-text credentials.

Severity: CRITICAL | Exploit Available: Yes | Exploitability: Easy | Remotely Exploitable: Yes

(more…)

January 21, 2024 Attack Surface Management, Bug Bounties, CVE's, News, Penetration Testing, Threat Intelligence No comments yet
Sn1per SE Update

Sn1per Scan Engine v10.5 Released!
Sn1per SE (Scan Engine) v10.5 is now available with a ton of new features and improvements. This update is part of the Sn1per SE development branch which is available to Sn1per Professional v10.0 and Sn1per Enterprise customers. If you are a previous customer (ie. Sn1per Professional v9.0 or less) or if you use the Community Edition available on Github, you will need to purchase a Sn1per Professional v10.0 license to download and receive updates.

(more…)

January 1, 2024 News No comments yet

Sn1per Professional vs. Sn1per Enterprise: A Comprehensive Comparison

Confused about the difference between Sn1per Professional and Sn1per Enterprise? We’ve got you covered. In this blog post, we’ll dive into the key distinctions to help you make an informed decision.

(more…)

September 2, 2023 News, Uncategorized No comments yet
Automated Penetration Testing with Sn1per Enterprise

Automated Penetration Testing Guide – Your Ultimate Resource

In today’s digital landscape, cybersecurity plays a crucial role in protecting sensitive information. One effective method to bolster your security measures is through automated penetration testing. In this comprehensive guide, we will explore the world of automated penetration testing, its numerous benefits, and how it can become your ultimate resource for safeguarding your digital assets.

(more…)

June 14, 2023 Attack Surface Management, Penetration Testing, Red Team, Uncategorized, Vulnerability Scanning No comments yet
Dark Web Monitoring

Dark Web Monitoring: Securing Your External Attack Surface

In today’s digital era, data breaches and cyber-attacks are increasing day by day, and with the increasing amount of data being stored and transmitted online, the threat is real. Hackers and cybercriminals are constantly looking for vulnerabilities to exploit in your organization’s system. With the advent of the dark web, a new type of marketplace for hackers has emerged. Here, they can buy and sell stolen data, tools, and services, making it even easier for them to launch an attack. In this article, we will discuss what dark web monitoring is and how it can help secure your external attack surface.

(more…)

May 4, 2023 Attack Surface Management, Dark Web Monitoring, Penetration Testing, Threat Intelligence No comments yet