Search criteria
12 vulnerabilities found for securesphere_web_application_firewall by imperva
FKIE_CVE-2011-5266
Vulnerability from fkie_nvd - Published: 2020-01-08 23:15 - Updated: 2024-11-21 01:34
Severity ?
Summary
Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2011/May/163 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2011/May/163 | Exploit, Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| imperva | securesphere_web_application_firewall | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29FE609D-D891-4217-821A-08A7A41226F2",
"versionEndExcluding": "2010-08-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass."
},
{
"lang": "es",
"value": "Imperva SecureSphere Web Application Firewall (WAF) antes del 12 de agosto de 2010, permite omitir el filtro de inyecci\u00f3n SQL."
}
],
"id": "CVE-2011-5266",
"lastModified": "2024-11-21T01:34:01.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-08T23:15:10.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2011/May/163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2011/May/163"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4887
Vulnerability from fkie_nvd - Published: 2014-09-11 14:16 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| imperva | securesphere_web_application_firewall | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D311E127-DC16-4C27-B830-AB8406C7CBC1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la tabla de violaciones en la GUI de gesti\u00f3n en el servidor MX Management en Imperva SecureSphere Web Application Firewall (WAF) 9.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del campo del nombre del usuario."
}
],
"id": "CVE-2011-4887",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-09-11T14:16:02.897",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/79338"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/48086"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.imperva.com/Services/adc_advisories_response_secureworks_CVE_2011_4887"
},
{
"source": "cve@mitre.org",
"url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-002/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/52064"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/79338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.imperva.com/Services/adc_advisories_response_secureworks_CVE_2011_4887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73264"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-0767
Vulnerability from fkie_nvd - Published: 2011-06-06 19:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| imperva | securesphere_web_application_firewall | 6.2 | |
| imperva | securesphere_web_application_firewall | 7.0 | |
| imperva | securesphere_web_application_firewall | 7.0.0.7061 | |
| imperva | securesphere_web_application_firewall | 7.0.0.7078 | |
| imperva | securesphere_web_application_firewall | 7.5 | |
| imperva | securesphere_web_application_firewall | 8.0 | |
| imperva | securesphere_web_application_firewall | 8.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51641749-DDD9-4744-BA7D-8B99B4BCC32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1467CB0D-598C-4582-AED6-233F73EB8378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0.0.7061:*:*:*:*:*:*:*",
"matchCriteriaId": "DD39B83F-25B7-4674-A4B8-7EBDCD3EC611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0.0.7078:*:*:*:*:*:*:*",
"matchCriteriaId": "F11F0459-AA27-4892-AA26-F2BCB7CB3B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "327D03E6-1F83-4231-A110-26A3F72C9827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA8B34D-FF53-4391-BD0F-EC5FFB6DBDDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "151D0049-15A0-4D1B-A6E8-52830618289B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el GUI de control de MX Management Server en Imperva SecureSphere Web Application Firewall v6.2, 7.x, y 8.x , permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de una petici\u00f3n HTTP a un servidor filtrado, cambien conocido como Bug ID 31759."
}
],
"id": "CVE-2011-0767",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-06-06T19:55:01.427",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44772"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/567774"
},
{
"source": "cret@cert.org",
"url": "http://www.secureworks.com/research/advisories/SWRX-2011-001/"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/567774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.secureworks.com/research/advisories/SWRX-2011-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67779"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-1329
Vulnerability from fkie_nvd - Published: 2010-04-15 17:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:5.0.0.5082:*:*:*:*:*:*:*",
"matchCriteriaId": "F9A7B25E-BEB0-417B-8EB5-96307ED9B7E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.5.6230:*:*:*:*:*:*:*",
"matchCriteriaId": "38B58D25-856C-4EA0-8BC4-F15A3418007F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.5.6238:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCE6B26-F4B5-49BF-A327-4E580314F849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.6.6274:*:*:*:*:*:*:*",
"matchCriteriaId": "EB352839-EA7F-417C-9B83-E01E33AE099A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.6.6302:*:*:*:*:*:*:*",
"matchCriteriaId": "AAC5D1E3-FAF0-488B-818E-EA3298F00467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.2.0.6442:*:*:*:*:*:*:*",
"matchCriteriaId": "6FEE98AC-E353-4959-9F17-ED314FD412EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.2.0.6463:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7BE17E-BB21-443D-822A-4A5356CE1928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0.0.7061:*:*:*:*:*:*:*",
"matchCriteriaId": "DD39B83F-25B7-4674-A4B8-7EBDCD3EC611",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:5.0.0.5082:*:*:*:*:*:*:*",
"matchCriteriaId": "92F6318F-F82B-49CE-BBDE-590FBAC94788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.5.6230:*:*:*:*:*:*:*",
"matchCriteriaId": "7BCF4FCD-2CB2-4DA6-85B7-9368141E900F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.5.6238:*:*:*:*:*:*:*",
"matchCriteriaId": "5F474DA7-3CF6-465F-9CBB-C9303139455E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.6.6274:*:*:*:*:*:*:*",
"matchCriteriaId": "57CB57EC-AD75-4BF5-BC0C-7A59AC9C5B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.6.6302:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9EBB80-2DA7-457D-A22B-FC7DEFA540CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:6.2.0.6442:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22550D-3C07-46B2-BC2A-BF0B48F61C18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:6.2.0.6463:*:*:*:*:*:*:*",
"matchCriteriaId": "468E56A4-83CA-4C67-9289-EE2B25AB1431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:7.0.0.7061:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D811A9-CA1E-4C73-B25D-98E04CD46388",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.4.6128:*:*:*:*:*:*:*",
"matchCriteriaId": "AE558AAE-8F45-4083-AB63-DE3E6F821D22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.4.6128:*:*:*:*:*:*:*",
"matchCriteriaId": "BA0499B4-0EA7-4F6C-840E-BA74C0CFCA0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:crossbeamsystems:xos:8.0\\/5:*:*:*:*:*:*:*",
"matchCriteriaId": "D66A03BA-6835-4651-8AFA-08DA2AB663B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:7.0.0.7078:*:*:*:*:*:*:*",
"matchCriteriaId": "64A18DB2-099E-4CC8-A2AA-71202C754DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0.0.7078:*:*:*:*:*:*:*",
"matchCriteriaId": "F11F0459-AA27-4892-AA26-F2BCB7CB3B1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:crossbeamsystems:xos:8.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6CD4EC0F-B72B-4B76-AD2D-54C5C4C78D4A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation."
},
{
"lang": "es",
"value": "Imperva SecureSphere Web Application Firewall y Database Firewall v5.0.0.5082 a la v7.0.0.7078, permite a atacantes remotos evitar la funcionalidad de prevenci\u00f3n frente a intrusiones mediante un petici\u00f3n que tiene a\u00f1adida una cadena larga manipulada de un modo no especificada."
}
],
"id": "CVE-2010-1329",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-15T17:30:00.553",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/39472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/39472"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-5266 (GCVE-0-2011-5266)
Vulnerability from cvelistv5 – Published: 2020-01-08 22:43 – Updated: 2024-08-07 00:30
VLAI?
Summary
Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:30:46.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2011/May/163"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-08T22:43:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2011/May/163"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2011/May/163",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2011/May/163"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5266",
"datePublished": "2020-01-08T22:43:52",
"dateReserved": "2013-07-12T00:00:00",
"dateUpdated": "2024-08-07T00:30:46.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4887 (GCVE-0-2011-4887)
Vulnerability from cvelistv5 – Published: 2014-09-11 14:00 – Updated: 2024-08-07 00:16
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:35.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-002/"
},
{
"name": "securesphere-unspec-xss(73264)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73264"
},
{
"name": "52064",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.imperva.com/Services/adc_advisories_response_secureworks_CVE_2011_4887"
},
{
"name": "79338",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/79338"
},
{
"name": "48086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-002/"
},
{
"name": "securesphere-unspec-xss(73264)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73264"
},
{
"name": "52064",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.imperva.com/Services/adc_advisories_response_secureworks_CVE_2011_4887"
},
{
"name": "79338",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/79338"
},
{
"name": "48086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48086"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-002/",
"refsource": "MISC",
"url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-002/"
},
{
"name": "securesphere-unspec-xss(73264)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73264"
},
{
"name": "52064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52064"
},
{
"name": "http://www.imperva.com/Services/adc_advisories_response_secureworks_CVE_2011_4887",
"refsource": "CONFIRM",
"url": "http://www.imperva.com/Services/adc_advisories_response_secureworks_CVE_2011_4887"
},
{
"name": "79338",
"refsource": "OSVDB",
"url": "http://osvdb.org/79338"
},
{
"name": "48086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48086"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4887",
"datePublished": "2014-09-11T14:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-07T00:16:35.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0767 (GCVE-0-2011-0767)
Vulnerability from cvelistv5 – Published: 2011-06-06 19:00 – Updated: 2024-08-06 22:05
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:53.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44772",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44772"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secureworks.com/research/advisories/SWRX-2011-001/"
},
{
"name": "securesphere-web-server-xss(67779)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67779"
},
{
"name": "VU#567774",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/567774"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "44772",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44772"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secureworks.com/research/advisories/SWRX-2011-001/"
},
{
"name": "securesphere-web-server-xss(67779)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67779"
},
{
"name": "VU#567774",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/567774"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-0767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44772",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44772"
},
{
"name": "http://www.secureworks.com/research/advisories/SWRX-2011-001/",
"refsource": "MISC",
"url": "http://www.secureworks.com/research/advisories/SWRX-2011-001/"
},
{
"name": "securesphere-web-server-xss(67779)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67779"
},
{
"name": "VU#567774",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/567774"
},
{
"name": "http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html",
"refsource": "CONFIRM",
"url": "http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-0767",
"datePublished": "2011-06-06T19:00:00",
"dateReserved": "2011-02-03T00:00:00",
"dateUpdated": "2024-08-06T22:05:53.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1329 (GCVE-0-2010-1329)
Vulnerability from cvelistv5 – Published: 2010-04-15 17:00 – Updated: 2024-08-07 01:21
VLAI?
Summary
Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:18.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
},
{
"name": "39472",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39472"
},
{
"name": "20100413 Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
},
{
"name": "39472",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39472"
},
{
"name": "20100413 Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php",
"refsource": "MISC",
"url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php"
},
{
"name": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html",
"refsource": "CONFIRM",
"url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
},
{
"name": "39472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39472"
},
{
"name": "20100413 Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1329",
"datePublished": "2010-04-15T17:00:00",
"dateReserved": "2010-04-08T00:00:00",
"dateUpdated": "2024-08-07T01:21:18.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5266 (GCVE-0-2011-5266)
Vulnerability from nvd – Published: 2020-01-08 22:43 – Updated: 2024-08-07 00:30
VLAI?
Summary
Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:30:46.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2011/May/163"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-08T22:43:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2011/May/163"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2011/May/163",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2011/May/163"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5266",
"datePublished": "2020-01-08T22:43:52",
"dateReserved": "2013-07-12T00:00:00",
"dateUpdated": "2024-08-07T00:30:46.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4887 (GCVE-0-2011-4887)
Vulnerability from nvd – Published: 2014-09-11 14:00 – Updated: 2024-08-07 00:16
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:35.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-002/"
},
{
"name": "securesphere-unspec-xss(73264)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73264"
},
{
"name": "52064",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.imperva.com/Services/adc_advisories_response_secureworks_CVE_2011_4887"
},
{
"name": "79338",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/79338"
},
{
"name": "48086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-002/"
},
{
"name": "securesphere-unspec-xss(73264)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73264"
},
{
"name": "52064",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.imperva.com/Services/adc_advisories_response_secureworks_CVE_2011_4887"
},
{
"name": "79338",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/79338"
},
{
"name": "48086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48086"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-002/",
"refsource": "MISC",
"url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-002/"
},
{
"name": "securesphere-unspec-xss(73264)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73264"
},
{
"name": "52064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52064"
},
{
"name": "http://www.imperva.com/Services/adc_advisories_response_secureworks_CVE_2011_4887",
"refsource": "CONFIRM",
"url": "http://www.imperva.com/Services/adc_advisories_response_secureworks_CVE_2011_4887"
},
{
"name": "79338",
"refsource": "OSVDB",
"url": "http://osvdb.org/79338"
},
{
"name": "48086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48086"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4887",
"datePublished": "2014-09-11T14:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-07T00:16:35.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0767 (GCVE-0-2011-0767)
Vulnerability from nvd – Published: 2011-06-06 19:00 – Updated: 2024-08-06 22:05
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:53.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44772",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44772"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secureworks.com/research/advisories/SWRX-2011-001/"
},
{
"name": "securesphere-web-server-xss(67779)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67779"
},
{
"name": "VU#567774",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/567774"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "44772",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44772"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secureworks.com/research/advisories/SWRX-2011-001/"
},
{
"name": "securesphere-web-server-xss(67779)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67779"
},
{
"name": "VU#567774",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/567774"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-0767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44772",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44772"
},
{
"name": "http://www.secureworks.com/research/advisories/SWRX-2011-001/",
"refsource": "MISC",
"url": "http://www.secureworks.com/research/advisories/SWRX-2011-001/"
},
{
"name": "securesphere-web-server-xss(67779)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67779"
},
{
"name": "VU#567774",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/567774"
},
{
"name": "http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html",
"refsource": "CONFIRM",
"url": "http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-0767",
"datePublished": "2011-06-06T19:00:00",
"dateReserved": "2011-02-03T00:00:00",
"dateUpdated": "2024-08-06T22:05:53.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1329 (GCVE-0-2010-1329)
Vulnerability from nvd – Published: 2010-04-15 17:00 – Updated: 2024-08-07 01:21
VLAI?
Summary
Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:18.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
},
{
"name": "39472",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39472"
},
{
"name": "20100413 Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
},
{
"name": "39472",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39472"
},
{
"name": "20100413 Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php",
"refsource": "MISC",
"url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php"
},
{
"name": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html",
"refsource": "CONFIRM",
"url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
},
{
"name": "39472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39472"
},
{
"name": "20100413 Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1329",
"datePublished": "2010-04-15T17:00:00",
"dateReserved": "2010-04-08T00:00:00",
"dateUpdated": "2024-08-07T01:21:18.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}