CVE-2021-45468
https://notcve.org/view.php?id=CVE-2021-45468
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF. • https://bishopfox.com/blog/imperva-eliminates-critical-exposure • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2021-45105 – Apache Log4j2 does not always protect from infinite recursion in lookup evaluation
https://notcve.org/view.php?id=CVE-2021-45105
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. • https://github.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-44832 https://github.com/tejas-nagchandi/CVE-2021-45105 https://github.com/pravin-pp/log4j2-CVE-2021-45105 https://github.com/dileepdkumar/https-github.com-pravin-pp-log4j2-CVE-2021-45105-1 https://github.com/dileepdkumar/https-github.com-pravin-pp-log4j2-CVE-2021-45105 https://github.com/dileepdkumar/https-github.com-dileepdkumar-https-github.com-pravin-pp-log4j2-CVE-2021-45105-v htt • CWE-20: Improper Input Validation CWE-674: Uncontrolled Recursion •
CVE-2020-14210
https://notcve.org/view.php?id=CVE-2020-14210
Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which a script can be executed when responding to Request URL information. It provides a function to respond to Request URL information when blocking. • https://github.com/kbgsft/vuln-AIWAF/wiki/Cross-site-scripting%28XSS%29-vulnerability-in-AIWAF-in-MONITORAPP-by-xcuter https://github.com/monitorapp-aicc/report/wiki/CVE-2020-14210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-15524 – Kemp Load Balancer WAF 7.2.40 Bypass
https://notcve.org/view.php?id=CVE-2017-15524
The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request. Kemp load balancers with AFP WAF functionality versions 7.1.30 through 7.2.40 suffer from a POST bypass vulnerability. • http://www.securityfocus.com/archive/1/541602/100/0/threaded https://kemptechnologies.com/files/assets/documentation/7.2/release-notes/Release_Notes-LoadMaster.pdf?pdf-file-view=1 https://www.pallas.com/advisories/cve_2017_15524_kemp_afp_waf_bug_on_post_data •
CVE-2017-14705
https://notcve.org/view.php?id=CVE-2017-14705
DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments. • https://github.com/rapid7/metasploit-framework/pull/8980 https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •