Twenty Year Anniversary

Imperva SecureSphere WAF 11.5 Bypass

Imperva SecureSphere WAF 11.5 Bypass
Posted Sep 14, 2018
Authored by Damien Cabrie

Imperva SecureSphere WAF version 11.5 suffers from a bypass vulnerability due to first validating that a Content-Type header must be passed.

tags | exploit, bypass
MD5 | 64e8407adb3a1ec56bc9a51ab5a506a1

Imperva SecureSphere WAF 11.5 Bypass

Change Mirror Download
Hello everyone,

Can I have your opinion about this bug below please ?

# Exploit Title: Policy Bypass on Imperva SecureSphere Web Application
Firewall
# Date: 08/05/2018
# Author: Damien CabriA(c)
# Contact: https://twitter.com/nawhack
# Vendor Homepage: http://www.imperva.com
# Version: Imperva SecureSphere WAF 11.5 in all deployment options
# Tested on: Imperva SecureSphere WAF 11.5.0.95_0 (bridge and reverse proxy
mode)
# Class: Policy Bypass

[VULNERABILITY DETAILS]

The Imperva WAF provides solutions to protect websites against attacks (SQL
injections, cross site scripting, illegal resource access). The protect is
base with policies building from Signatures (network, generic attack, known
web application vulnerabilities), Application profiling and Threatradar
Reputation Service.

There is a bug in the Web Correlation Policy engine which protect against
SQLi and XSS.

The WAF is not able to detect malicious SQLi or XSS content in the body of
POST requests without the "Content-Type" header.

An attacker can easily craft a POST request method without the Content-Type
header to bypass firewall protections.

Applications protected by the WAF could be compromised with this bug.

[REMEDIATION]
If possible, block POST requests without Content-Type header.

[DISCLOSURE TIME-LINE]
* 08/05/2018 - Initial vendor contact.

* 27/06/2018 - Imperva confirmed the issue. Fix targeted for Q4 2018.

* 12/07/2018 - Ticket closed.

* 18/08/2018 - Public disclosure.

Regards


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close