Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-14706

Опубликовано: 22 сент. 2017
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Высокий

Описание

DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:denyall:i-suite:5.5.0:*:*:*:lts:*:*:*
cpe:2.3:a:denyall:i-suite:5.5.9:*:*:*:lts:*:*:*
cpe:2.3:a:denyall:i-suite:5.5.10:*:*:*:lts:*:*:*
cpe:2.3:a:denyall:i-suite:5.5.11:*:*:*:lts:*:*:*
cpe:2.3:a:denyall:i-suite:5.5.12:*:*:*:lts:*:*:*
cpe:2.3:a:denyall:i-suite:5.6.0:*:*:*:lts:*:*:*
cpe:2.3:a:denyall:web_application_firewall:5.7.0:*:*:*:*:*:*:*
cpe:2.3:a:denyall:web_application_firewall:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:denyall:web_application_firewall:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:denyall:web_application_firewall:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:denyall:web_application_firewall:6.3.0:*:*:*:*:*:*:*
cpe:2.3:a:denyall:web_application_firewall:6.4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 99%
0.72371
Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

github логотип

GHSA-xg92-4q2x-2943

CVSS3: 9.8
github
больше 3 лет назад

DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.

EPSS

Процентиль: 99%
0.72371
Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287