Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Securesphere_web_application_firewall | Imperva | 5.0.0.5082 (including) | 5.0.0.5082 (including) |
| Securesphere_web_application_firewall | Imperva | 6.0.5.6230 (including) | 6.0.5.6230 (including) |
| Securesphere_web_application_firewall | Imperva | 6.0.5.6238 (including) | 6.0.5.6238 (including) |
| Securesphere_web_application_firewall | Imperva | 6.0.6.6274 (including) | 6.0.6.6274 (including) |
| Securesphere_web_application_firewall | Imperva | 6.0.6.6302 (including) | 6.0.6.6302 (including) |
| Securesphere_web_application_firewall | Imperva | 6.2.0.6442 (including) | 6.2.0.6442 (including) |
| Securesphere_web_application_firewall | Imperva | 6.2.0.6463 (including) | 6.2.0.6463 (including) |
| Securesphere_web_application_firewall | Imperva | 7.0.0.7061 (including) | 7.0.0.7061 (including) |
References
- http://www.clearskies.net/documents/css-advisory-css1001-imperva.php
- http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html
- http://www.securityfocus.com/archive/1/510709/100/0/threaded
- http://www.securityfocus.com/bid/39472
- http://www.clearskies.net/documents/css-advisory-css1001-imperva.php
- http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html
- http://www.securityfocus.com/archive/1/510709/100/0/threaded
- http://www.securityfocus.com/bid/39472