CVE-2024-21733 Apache Tomcat HTTP Request Smuggling

Our security research team recently discovered a critical “0day” vulnerability that was assigned CVE-2024-21733. The vulnerability was discovered by xer0dayz from Sn1perSecurity LLC and allows attackers to force a victim’s browser to de-synchronize its connection with websites hosted on top of Apache Tomcat, causing sensitive data to be smuggled from the server and/or client connections. In some cases, this can leak sensitive data such as clear-text credentials.

Severity: CRITICAL | Exploit Available: Yes | Exploitability: Easy | Remotely Exploitable: Yes

Sn1per Professional v10.1 SE Update Released!

The Sn1per Professional v10.1 Scan Engine (SE) update is now available for Sn1per Professional v10.0 customers with a ton of new features and improvements. This update is part of the Sn1per Professional SE development branch, which is available exclusively to Sn1per Professional v10.0 customers. If you are a previous customer (i.e., Sn1per Professional v9.0 or less) or if you use the Community Edition available on GitHub, you will need to purchase a Sn1per Professional v10.0 license to download and receive scan engine updates.

Sn1per Professional v10.0 Released

After months of hard work and development, we are pleased to announce the release of Sn1per Professional v10.0. This is a major release with many fixes, improvements and new features to help customers get the most value using Sn1per. Starting with v10.0, customers will have 3 new pricing plans to choose from, which will more closely align with their needs while remaining competitive in the market. In this post, we will go into detail for all of these changes and more.

Sn1per Community vs. Professional – What’s The Difference?

We recently received some questions regarding differences between Sn1per “Community” and “Professional”, so we thought we would cover this in a detailed post. Whether you’re an independent security researcher or a multi-billion dollar company looking to purchase Sn1per Professional, we hope this blog post will guide you to make the best decision based on your needs and budget. There are many advantages of using our “Professional” version over our “Community” edition, but this blog post will cover the most significant items.

Sn1per Professional Nessus Add-on

Sn1per Professional Nessus Add-on Update!

In case you missed it, we recently added support for Nessus v10.x in Sn1per Professional (version 1.0 of our Nessus Add-on only supported Nessus v8.8.x integration). Our new Nessus v2.0 Add-on lets customers scan for the latest vulnerabilities using Nessus version 10.x and download detailed vulnerability reports in HTML and CSV format with Sn1per Professional. We also added the ability to select different Nessus scan profiles when configuring the scans via Sn1per to provide greater customization. Be sure to check out the full blog post for more details.
