Description
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: Version before 2021-12-23 (excluding)
cpe:2.3:a:imperva:web_application_firewall:*:*:*:*:*:*:*:*
EPSS
Percentile: 97%
0.36095
Medium
9.8 Critical
CVSS3
7.5 High
CVSS2
Weaknesses
CWE-444
Related vulnerabilities
github
about 4 years ago
Imperva Web Application Firewall (WAF) before 2021-12-31 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
EPSS
Percentile: 97%
0.36095
Medium
9.8 Critical
CVSS3
7.5 High
CVSS2
Weaknesses
CWE-444