
CVSS: 5.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

Radware Alteon devices with a firmware version between 31.0.0.0 and 31.0.3.0 are vulnerable to an adaptive chosen-ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations.
• http://www.securityfocus.com/bid/102199
• https://robotattack.org
• https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability
• https://www.kb.cert.org/vuls/id/144389
• CWE-203: Observable Discrepancy

CVSS: 5.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product.
• http://www.securityfocus.com/bid/96172
• https://github.com/nonce-disrespect/nonce-disrespect
• https://support.radware.com/app/answers/answer_view/a_id/18456
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

The Radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/.
• http://www.securityfocus.com/archive/1/504682/100/0/threaded
• CWE-20: Improper Input Validation