CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2021-45468
https://notcve.org/view.php?id=CVE-2021-45468
14 Jan 2022 — Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF. Imperva Web Application Firewall (WAF) versiones anteriores a 31-12-2021 permite a atacantes remotos no autenticados usar "Content-Encoding: gzip" para omitir los controles de seguridad del WAF y enviar peticiones HTTP POST maliciosas a servidores web detrás del WAF • https://github.com/0xhaggis/Imperva_gzip_bypass • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-14210
https://notcve.org/view.php?id=CVE-2020-14210
16 Jun 2020 — Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to response to Request URL information when blocking. Vulnerabilidad de Cross-Site Scripting (XSS) reflejada en MONITORAPP WAF en la que se puede ejecutar un script al responder a la información de Request URL. Proporciona una función para responder a la información de Request URL cuando se bloquea • https://github.com/monitorapp-aicc/report • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 2CVE-2017-15524 – Kemp Load Balancer WAF 7.2.40 Bypass
https://notcve.org/view.php?id=CVE-2017-15524
15 Dec 2017 — The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request. El componente Application Firewall Pack (AFP, también conocido como Web Application Firewall) en los dispositivos Kemp Load Balancer con versiones de software anteriores a la 7.2.40.1 permite que se omita la característica de seguridad mediante una petición HTTP POST. Kemp load balancers with AFP WAF functionality v... • https://packetstorm.news/files/id/145433 •
CVSS: 9.3EPSS: 2%CPEs: 12EXPL: 2CVE-2017-14705
https://notcve.org/view.php?id=CVE-2017-14705
22 Sep 2017 — DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.... • https://github.com/rapid7/metasploit-framework/pull/8980 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 75%CPEs: 12EXPL: 2CVE-2017-14706
https://notcve.org/view.php?id=CVE-2017-14706
22 Sep 2017 — DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments. DenyAll WAF en versiones anteriores a la 6.4.1 permite que los atacantes remotos sin autenticar obt... • https://github.com/rapid7/metasploit-framework/pull/8980 • CWE-287: Improper Authentication •