exploitDog

GHSA-332m-xp6m-r638

Опубликовано: 15 янв. 2022

Источник: github

Github: Не прошло ревью

Описание

Imperva Web Application Firewall (WAF) before 2021-12-31 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.

Imperva Web Application Firewall (WAF) before 2021-12-31 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.

Ссылки

EPSS

Процентиль: 97%

0.36095

Средний

CVE ID

Дефекты

CWE-444

Связанные уязвимости

CVE-2021-45468

CVSS3: 9.8

nvd

около 4 лет назад

Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.

EPSS

Процентиль: 97%

0.36095

Средний

CVE ID

Дефекты

CWE-444