CVE-2021-45468

Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
References
Link Resource
https://bishopfox.com/blog/imperva-eliminates-critical-exposure Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:imperva:web_application_firewall:*:*:*:*:*:*:*:*

History

21 Jan 2022, 19:57

Type Values Removed Values Added
First Time Imperva web Application Firewall
Imperva
References (MISC) https://bishopfox.com/blog/imperva-eliminates-critical-exposure - (MISC) https://bishopfox.com/blog/imperva-eliminates-critical-exposure - Exploit, Third Party Advisory
CWE CWE-444
CPE cpe:2.3:a:imperva:web_application_firewall:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8

14 Jan 2022, 23:15

Type Values Removed Values Added
Summary Imperva Web Application Firewall (WAF) before 2021-12-31 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF. Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.

14 Jan 2022, 18:24

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-14 18:15

Updated : 2022-01-21 19:57


NVD link : CVE-2021-45468

Mitre link : CVE-2021-45468


JSON object : View

Products Affected

imperva

  • web_application_firewall
CWE
CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')