what you don't know can hurt you

Imperva SecureSphere WAF 11.5 Bypass

Imperva SecureSphere WAF 11.5 Bypass
Posted Sep 14, 2018
Authored by Damien Cabrie

Imperva SecureSphere WAF version 11.5 suffers from a bypass vulnerability due to first validating that a Content-Type header must be passed.

tags | exploit, bypass
MD5 | 64e8407adb3a1ec56bc9a51ab5a506a1

Imperva SecureSphere WAF 11.5 Bypass

Change Mirror Download
Hello everyone,

Can I have your opinion about this bug below please ?

# Exploit Title: Policy Bypass on Imperva SecureSphere Web Application
Firewall
# Date: 08/05/2018
# Author: Damien CabriA(c)
# Contact: https://twitter.com/nawhack
# Vendor Homepage: http://www.imperva.com
# Version: Imperva SecureSphere WAF 11.5 in all deployment options
# Tested on: Imperva SecureSphere WAF 11.5.0.95_0 (bridge and reverse proxy
mode)
# Class: Policy Bypass

[VULNERABILITY DETAILS]

The Imperva WAF provides solutions to protect websites against attacks (SQL
injections, cross site scripting, illegal resource access). The protect is
base with policies building from Signatures (network, generic attack, known
web application vulnerabilities), Application profiling and Threatradar
Reputation Service.

There is a bug in the Web Correlation Policy engine which protect against
SQLi and XSS.

The WAF is not able to detect malicious SQLi or XSS content in the body of
POST requests without the "Content-Type" header.

An attacker can easily craft a POST request method without the Content-Type
header to bypass firewall protections.

Applications protected by the WAF could be compromised with this bug.

[REMEDIATION]
If possible, block POST requests without Content-Type header.

[DISCLOSURE TIME-LINE]
* 08/05/2018 - Initial vendor contact.

* 27/06/2018 - Imperva confirmed the issue. Fix targeted for Q4 2018.

* 12/07/2018 - Ticket closed.

* 18/08/2018 - Public disclosure.

Regards


Login or Register to add favorites

File Archive:

May 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    14 Files
  • 2
    May 2nd
    3 Files
  • 3
    May 3rd
    1 Files
  • 4
    May 4th
    18 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    21 Files
  • 7
    May 7th
    15 Files
  • 8
    May 8th
    19 Files
  • 9
    May 9th
    1 Files
  • 10
    May 10th
    2 Files
  • 11
    May 11th
    18 Files
  • 12
    May 12th
    39 Files
  • 13
    May 13th
    15 Files
  • 14
    May 14th
    17 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    2 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    21 Files
  • 20
    May 20th
    15 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    6 Files
  • 23
    May 23rd
    1 Files
  • 24
    May 24th
    1 Files
  • 25
    May 25th
    2 Files
  • 26
    May 26th
    23 Files
  • 27
    May 27th
    13 Files
  • 28
    May 28th
    13 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close