Описание
A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 2.7.2-P12, 4.1.0 before 4.1.0-P11, 4.1.1 before 4.1.1-P8, and 4.1.2 before 4.1.2-P4 mishandles the configured rules for blocking SQL injection attacks, aka A10-2017-0008.
Ссылки
- https://www.a10networks.com/support/security-advisories/waf-sql-injection-attack-sqlia-vulnerabilityMitigationVendor Advisory
- https://www.a10networks.com/support/security-advisories/waf-sql-injection-attack-sqlia-vulnerabilityMitigationVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:a10networks:acos_web_application_firewall:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:2.7.2:p1:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:2.7.2:p10:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:2.7.2:p11:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:2.7.2:p2:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:2.7.2:p3:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:2.7.2:p4:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:2.7.2:p5:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:2.7.2:p6:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:2.7.2:p7:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:2.7.2:p7-sp3:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:2.7.2:p8:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:2.7.2:p9:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.0:p1:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.0:p10:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.0:p2:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.0:p3:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.0:p4:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.0:p5:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.0:p6:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.0:p7:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.0:p8:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.0:p9:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.1:p1:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.1:p2:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.1:p3:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.1:p4:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.1:p5:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.1:p6:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.1:p7:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.2:p1:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.2:p2:*:*:*:*:*:*
cpe:2.3:a:a10networks:acos_web_application_firewall:4.1.2:p3:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00367
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 2.7.2-P12, 4.1.0 before 4.1.0-P11, 4.1.1 before 4.1.1-P8, and 4.1.2 before 4.1.2-P4 mishandles the configured rules for blocking SQL injection attacks, aka A10-2017-0008.
EPSS
Процентиль: 58%
0.00367
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89