CVE-2010-1329 (GCVE-0-2010-1329)

Vulnerability from cvelistv5 – Published: 2010-04-15 17:00 – Updated: 2024-08-07 01:21

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.clearskies.net/documents/css-advisory-…	x_refsource_MISC
	http://www.imperva.com/resources/adc/adc_advisori…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/39472	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/510709/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:21:18.473Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
          },
          {
            "name": "39472",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/39472"
          },
          {
            "name": "20100413 Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-04-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
        },
        {
          "name": "39472",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/39472"
        },
        {
          "name": "20100413 Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1329",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php",
              "refsource": "MISC",
              "url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php"
            },
            {
              "name": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html",
              "refsource": "CONFIRM",
              "url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
            },
            {
              "name": "39472",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/39472"
            },
            {
              "name": "20100413 Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1329",
    "datePublished": "2010-04-15T17:00:00",
    "dateReserved": "2010-04-08T00:00:00",
    "dateUpdated": "2024-08-07T01:21:18.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_web_application_firewall:5.0.0.5082:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9A7B25E-BEB0-417B-8EB5-96307ED9B7E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.5.6230:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38B58D25-856C-4EA0-8BC4-F15A3418007F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.5.6238:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BCE6B26-F4B5-49BF-A327-4E580314F849\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.6.6274:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB352839-EA7F-417C-9B83-E01E33AE099A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.6.6302:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AAC5D1E3-FAF0-488B-818E-EA3298F00467\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_web_application_firewall:6.2.0.6442:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FEE98AC-E353-4959-9F17-ED314FD412EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_web_application_firewall:6.2.0.6463:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA7BE17E-BB21-443D-822A-4A5356CE1928\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0.0.7061:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD39B83F-25B7-4674-A4B8-7EBDCD3EC611\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_database_firewall:5.0.0.5082:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92F6318F-F82B-49CE-BBDE-590FBAC94788\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_database_firewall:6.0.5.6230:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BCF4FCD-2CB2-4DA6-85B7-9368141E900F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_database_firewall:6.0.5.6238:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F474DA7-3CF6-465F-9CBB-C9303139455E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_database_firewall:6.0.6.6274:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57CB57EC-AD75-4BF5-BC0C-7A59AC9C5B70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_database_firewall:6.0.6.6302:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE9EBB80-2DA7-457D-A22B-FC7DEFA540CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_database_firewall:6.2.0.6442:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C22550D-3C07-46B2-BC2A-BF0B48F61C18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_database_firewall:6.2.0.6463:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"468E56A4-83CA-4C67-9289-EE2B25AB1431\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_database_firewall:7.0.0.7061:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9D811A9-CA1E-4C73-B25D-98E04CD46388\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_database_firewall:6.0.4.6128:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE558AAE-8F45-4083-AB63-DE3E6F821D22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.4.6128:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA0499B4-0EA7-4F6C-840E-BA74C0CFCA0E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:crossbeamsystems:xos:8.0\\\\/5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D66A03BA-6835-4651-8AFA-08DA2AB663B5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_database_firewall:7.0.0.7078:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64A18DB2-099E-4CC8-A2AA-71202C754DFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0.0.7078:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F11F0459-AA27-4892-AA26-F2BCB7CB3B1C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:crossbeamsystems:xos:8.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CD4EC0F-B72B-4B76-AD2D-54C5C4C78D4A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation.\"}, {\"lang\": \"es\", \"value\": \"Imperva SecureSphere Web Application Firewall y Database Firewall v5.0.0.5082 a la v7.0.0.7078, permite a atacantes remotos evitar la funcionalidad de prevenci\\u00f3n frente a intrusiones mediante un petici\\u00f3n que tiene a\\u00f1adida una cadena larga manipulada de un modo no especificada.\"}]",
      "id": "CVE-2010-1329",
      "lastModified": "2024-11-21T01:14:09.600",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:C/A:N\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2010-04-15T17:30:00.553",
      "references": "[{\"url\": \"http://www.clearskies.net/documents/css-advisory-css1001-imperva.php\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/510709/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/39472\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.clearskies.net/documents/css-advisory-css1001-imperva.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/510709/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/39472\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-1329\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-04-15T17:30:00.553\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation.\"},{\"lang\":\"es\",\"value\":\"Imperva SecureSphere Web Application Firewall y Database Firewall v5.0.0.5082 a la v7.0.0.7078, permite a atacantes remotos evitar la funcionalidad de prevenci\u00f3n frente a intrusiones mediante un petici\u00f3n que tiene a\u00f1adida una cadena larga manipulada de un modo no especificada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:C/A:N\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_web_application_firewall:5.0.0.5082:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9A7B25E-BEB0-417B-8EB5-96307ED9B7E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.5.6230:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38B58D25-856C-4EA0-8BC4-F15A3418007F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.5.6238:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BCE6B26-F4B5-49BF-A327-4E580314F849\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.6.6274:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB352839-EA7F-417C-9B83-E01E33AE099A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.6.6302:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAC5D1E3-FAF0-488B-818E-EA3298F00467\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_web_application_firewall:6.2.0.6442:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FEE98AC-E353-4959-9F17-ED314FD412EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_web_application_firewall:6.2.0.6463:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA7BE17E-BB21-443D-822A-4A5356CE1928\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0.0.7061:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD39B83F-25B7-4674-A4B8-7EBDCD3EC611\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_database_firewall:5.0.0.5082:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92F6318F-F82B-49CE-BBDE-590FBAC94788\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_database_firewall:6.0.5.6230:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BCF4FCD-2CB2-4DA6-85B7-9368141E900F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_database_firewall:6.0.5.6238:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F474DA7-3CF6-465F-9CBB-C9303139455E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_database_firewall:6.0.6.6274:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57CB57EC-AD75-4BF5-BC0C-7A59AC9C5B70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_database_firewall:6.0.6.6302:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE9EBB80-2DA7-457D-A22B-FC7DEFA540CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_database_firewall:6.2.0.6442:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C22550D-3C07-46B2-BC2A-BF0B48F61C18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_database_firewall:6.2.0.6463:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"468E56A4-83CA-4C67-9289-EE2B25AB1431\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_database_firewall:7.0.0.7061:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9D811A9-CA1E-4C73-B25D-98E04CD46388\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_database_firewall:6.0.4.6128:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE558AAE-8F45-4083-AB63-DE3E6F821D22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.4.6128:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA0499B4-0EA7-4F6C-840E-BA74C0CFCA0E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:crossbeamsystems:xos:8.0\\\\/5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D66A03BA-6835-4651-8AFA-08DA2AB663B5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_database_firewall:7.0.0.7078:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64A18DB2-099E-4CC8-A2AA-71202C754DFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0.0.7078:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F11F0459-AA27-4892-AA26-F2BCB7CB3B1C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:crossbeamsystems:xos:8.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CD4EC0F-B72B-4B76-AD2D-54C5C4C78D4A\"}]}]}],\"references\":[{\"url\":\"http://www.clearskies.net/documents/css-advisory-css1001-imperva.php\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/510709/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/39472\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.clearskies.net/documents/css-advisory-css1001-imperva.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/510709/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/39472\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-201004-0342

Vulnerability from variot - Updated: 2023-12-18 13:58

Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation. An attacker can exploit this issue to bypass firewall restrictions. Successful exploits may lead to other attacks. The Imperva SecureSphere Database Firewall monitors and proactively protects databases from internal abuse, database attacks, and unauthorized activity. Protection provided by the Imperva device against attacks such as SQL injection and Cross-Site Scripting is negated, allowing unfiltered requests through to protected applications.

SEVERITY RATING

Rating: High Risk - CVSS 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N) Impact: Bypass security control Where: Remote

THREAT EVALUATION

An attacker can use this flaw to bypass firewall protections. Only minimal skill is required and the bypass can be incorporated into existing exploitation frameworks and security testing tools. Exploitation of this issue does not permanently affect the device; each evasion request must contain the bypass payload.

IDENTIFYING VULNERABLE INSTALLATIONS

Administrators can identify the current version in use by going to the Licensing menu in the administration console. Versions less than those identified in the Solutions section below are vulnerable.

DETECTING EXPLOITATION

The Imperva device provides no indication when this vulnerability is exploited. If other controls are in place such as network traffic monitors, IDS/IPS, or web filters, these should be configured to alert on payloads containing attack patterns. This includes all versions of SecureSphere from 5.0 through 7.0.

SOLUTION

The vendor has released patches for affected versions to address this issue. Customers are strongly encouraged to apply the update as soon as possible. Refer to http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html for upgrade instructions. No reliable workaround is available.

The vendor has provided the following version and patch data:

Version Patch Number 7.0.0.7078 Patch 11 7.0.0.7061 Patch 11 6.2.0.6463 Patch 24 6.2.0.6442 Patch 24 6.0.6.6302 Patch 30 6.0.6.6274 Patch 30 6.0.5.6238 Patch 30 6.0.5.6230 Patch 30 6.0.4.6128 Patch 30 5.0.0.5082 Patch 30 6.0.4.6128 on XOS 8.0/5 ssgw-6128-CBI10 7.0.0.7078 on XOS 8.5.3 ssgw-7.0.0.7267-CBI28

VULNERABILITY ID

CVE-2010-1329

TIME TABLE

2009-08-31 - Vendor notified. 2010-03-09 - Vendor released patched firmware. 2010-04-05 - Public notification

REFERENCES

http://www.clearskies.net/documents/css-advisory-css1001-imperva.php http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html

CREDITS

Scott Miles and Greag Johnson, Clear Skies Security, identified this flaw.

Clear Skies would like to thank Mike Sanders and Accuvant Labs for their assistance in clarifying and working with the vendor to correct this issue.

LEGAL NOTICES

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing and is subject to change without notice. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. The author is not liable for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Copyright 2010 Clear Skies Security, LLC. Permission is granted for the redistribution of this alert electronically. To reprint this alert, in whole or in part, in any other medium other than electronically, please e-mail info (at) clearskies (dot) net for permission

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201004-0342",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "securesphere web application firewall",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "imperva",
        "version": "6.0.4.6128"
      },
      {
        "model": "securesphere web application firewall",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "imperva",
        "version": "7.0.0.7078"
      },
      {
        "model": "securesphere database firewall",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "imperva",
        "version": "6.0.6.6302"
      },
      {
        "model": "securesphere database firewall",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "imperva",
        "version": "6.0.6.6274"
      },
      {
        "model": "securesphere database firewall",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "imperva",
        "version": "6.0.4.6128"
      },
      {
        "model": "securesphere database firewall",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "imperva",
        "version": "6.2.0.6463"
      },
      {
        "model": "securesphere database firewall",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "imperva",
        "version": "7.0.0.7061"
      },
      {
        "model": "securesphere database firewall",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "imperva",
        "version": "6.2.0.6442"
      },
      {
        "model": "securesphere database firewall",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "imperva",
        "version": "5.0.0.5082"
      },
      {
        "model": "securesphere database firewall",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "imperva",
        "version": "7.0.0.7078"
      },
      {
        "model": "securesphere web application firewall",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "imperva",
        "version": "6.0.6.6302"
      },
      {
        "model": "securesphere web application firewall",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "imperva",
        "version": "6.0.6.6274"
      },
      {
        "model": "securesphere web application firewall",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "imperva",
        "version": "6.0.5.6238"
      },
      {
        "model": "securesphere web application firewall",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "imperva",
        "version": "6.0.5.6230"
      },
      {
        "model": "securesphere web application firewall",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "imperva",
        "version": "7.0.0.7061"
      },
      {
        "model": "securesphere web application firewall",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "imperva",
        "version": "6.2.0.6463"
      },
      {
        "model": "securesphere database firewall",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "imperva",
        "version": "6.0.5.6238"
      },
      {
        "model": "securesphere database firewall",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "imperva",
        "version": "6.0.5.6230"
      },
      {
        "model": "securesphere web application firewall",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "imperva",
        "version": "5.0.0.5082"
      },
      {
        "model": "securesphere web application firewall",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "imperva",
        "version": "6.2.0.6442"
      },
      {
        "model": "securesphere database firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "imperva",
        "version": ".0.0.5082 to  7.0.0.7078"
      },
      {
        "model": "securesphere web application firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "imperva",
        "version": "5.0.0.5082 to  7.0.0.7078"
      },
      {
        "model": "securesphere web application firewall on xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "imperva",
        "version": "7.0.70788.5.3"
      },
      {
        "model": "securesphere web application firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "imperva",
        "version": "6.2.6442"
      },
      {
        "model": "securesphere web application firewall on xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "imperva",
        "version": "6.0.4.61288.0/5"
      },
      {
        "model": "securesphere web application firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "imperva",
        "version": "5.0.5082"
      },
      {
        "model": "securesphere mx management server and gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "imperva",
        "version": "6.0"
      },
      {
        "model": "securesphere mx management server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "imperva",
        "version": "5.x"
      },
      {
        "model": "securesphere mx management server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "imperva",
        "version": "5.0"
      },
      {
        "model": "securesphere database firewall on xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "imperva",
        "version": "7.0.70788.5.3"
      },
      {
        "model": "securesphere database firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "imperva",
        "version": "7.0.7078"
      },
      {
        "model": "securesphere database firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "imperva",
        "version": "7.0.7061"
      },
      {
        "model": "securesphere database firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "imperva",
        "version": "6.2.6463"
      },
      {
        "model": "securesphere database firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "imperva",
        "version": "6.2.6442"
      },
      {
        "model": "securesphere database firewall on xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "imperva",
        "version": "6.0.4.61288.0/5"
      },
      {
        "model": "securesphere database firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "imperva",
        "version": "5.0.5082"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "39472"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002814"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1329"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-285"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.5.6238:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:5.0.0.5082:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.6.6302:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.2.0.6442:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.2.0.6463:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0.0.7061:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.5.6230:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.6.6274:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:7.0.0.7061:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:5.0.0.5082:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.6.6274:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.6.6302:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.2.0.6442:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.2.0.6463:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.5.6230:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.5.6238:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.4.6128:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.4.6128:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:crossbeamsystems:xos:8.0\\/5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:7.0.0.7078:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0.0.7078:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:crossbeamsystems:xos:8.5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-1329"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Scott Miles and Greag Johnson, Clear Skies Security",
    "sources": [
      {
        "db": "BID",
        "id": "39472"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-285"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2010-1329",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2010-1329",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-43934",
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:C/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-1329",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201004-285",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-43934",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002814"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1329"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-285"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation. \nAn attacker can exploit this issue to bypass firewall restrictions. Successful exploits may lead to other attacks. The Imperva SecureSphere Database Firewall \nmonitors and proactively protects databases from internal abuse, \ndatabase attacks, and unauthorized activity. Protection provided by the Imperva device against attacks \nsuch as SQL injection and Cross-Site Scripting is negated, allowing \nunfiltered requests through to protected applications. \n\nSEVERITY RATING\n===============\nRating: High Risk - CVSS 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N) \nImpact: Bypass security control\nWhere:  Remote\n\nTHREAT EVALUATION\n=================\nAn attacker can use this flaw to bypass firewall protections. Only minimal skill is \nrequired and the bypass can be incorporated into existing exploitation \nframeworks and security testing tools. Exploitation of this issue does \nnot permanently affect the device; each evasion request must contain \nthe bypass payload. \n\nIDENTIFYING VULNERABLE INSTALLATIONS\n====================================\nAdministrators can identify the current version in use by going to the \nLicensing menu in the administration console. Versions less than those \nidentified in the Solutions section below are vulnerable. \n\nDETECTING EXPLOITATION\n======================\nThe Imperva device provides no indication when this vulnerability is \nexploited. If other controls are in place such as network traffic \nmonitors, IDS/IPS, or web filters, these should be configured to alert \non payloads containing attack patterns. This includes all versions of \nSecureSphere from 5.0 through 7.0. \n\nSOLUTION\n========\nThe vendor has released patches for affected versions to address this \nissue. Customers are strongly encouraged to apply the update as soon \nas possible. Refer to \nhttp://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html \nfor upgrade instructions. No reliable workaround is available. \n\nThe vendor has provided the following version and patch data:\n\nVersion                  Patch Number\n7.0.0.7078               Patch 11\n7.0.0.7061               Patch 11\n6.2.0.6463               Patch 24\n6.2.0.6442               Patch 24\n6.0.6.6302               Patch 30\n6.0.6.6274               Patch 30\n6.0.5.6238               Patch 30\n6.0.5.6230               Patch 30\n6.0.4.6128               Patch 30\n5.0.0.5082               Patch 30\n6.0.4.6128 on XOS 8.0/5  ssgw-6128-CBI10\n7.0.0.7078 on XOS 8.5.3  ssgw-7.0.0.7267-CBI28\n \nVULNERABILITY ID\n================\nCVE-2010-1329 \n\nTIME TABLE\n==========\n2009-08-31 - Vendor notified. \n2010-03-09 - Vendor released patched firmware. \n2010-04-05 - Public notification\n\nREFERENCES\n==========\nhttp://www.clearskies.net/documents/css-advisory-css1001-imperva.php\nhttp://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html \n\nCREDITS\n=======\nScott Miles and Greag Johnson, Clear Skies Security, identified this \nflaw. \n\nClear Skies would like to thank Mike Sanders and Accuvant Labs for \ntheir assistance in clarifying and working with the vendor to correct \nthis issue. \n\nLEGAL NOTICES\n=============\nDisclaimer: The information in the advisory is believed to be \naccurate at the time of publishing and is subject to change without \nnotice. Use of the information constitutes acceptance for use in an \nAS IS condition. There are no warranties with regard to this \ninformation. The author is not liable for any direct, indirect, or \nconsequential loss or damage arising from use of, or reliance on, \nthis information. \n\nCopyright 2010 Clear Skies Security, LLC. \nPermission is granted for the redistribution of this alert \nelectronically. To reprint this alert, in whole or in part, in any \nother medium other than electronically, please e-mail info (at) \nclearskies (dot) net for permission",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-1329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002814"
      },
      {
        "db": "BID",
        "id": "39472"
      },
      {
        "db": "VULHUB",
        "id": "VHN-43934"
      },
      {
        "db": "PACKETSTORM",
        "id": "88386"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-43934",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43934"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-1329",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "39472",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002814",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-285",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20100413 IMPERVA SECURESPHERE WEB APPLICATION FIREWALL AND DATABASE FIREWALL BYPASS VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "88386",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-43934",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43934"
      },
      {
        "db": "BID",
        "id": "39472"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002814"
      },
      {
        "db": "PACKETSTORM",
        "id": "88386"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1329"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-285"
      }
    ]
  },
  "id": "VAR-201004-0342",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43934"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:58:01.761000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Imperva Security Response for CVE-2010-1329",
        "trust": 0.8,
        "url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002814"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-1329"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/39472"
      },
      {
        "trust": 2.1,
        "url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1329"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1329"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/510709/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.imperva.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/510709"
      },
      {
        "trust": 0.1,
        "url": "http://www.imperva.com/products/securesphere-data-security-suite.html)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1329"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43934"
      },
      {
        "db": "BID",
        "id": "39472"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002814"
      },
      {
        "db": "PACKETSTORM",
        "id": "88386"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1329"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-285"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-43934"
      },
      {
        "db": "BID",
        "id": "39472"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002814"
      },
      {
        "db": "PACKETSTORM",
        "id": "88386"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1329"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-285"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-04-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-43934"
      },
      {
        "date": "2010-04-14T00:00:00",
        "db": "BID",
        "id": "39472"
      },
      {
        "date": "2011-06-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002814"
      },
      {
        "date": "2010-04-15T22:23:03",
        "db": "PACKETSTORM",
        "id": "88386"
      },
      {
        "date": "2010-04-15T17:30:00.553000",
        "db": "NVD",
        "id": "CVE-2010-1329"
      },
      {
        "date": "2010-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201004-285"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-43934"
      },
      {
        "date": "2010-04-14T00:00:00",
        "db": "BID",
        "id": "39472"
      },
      {
        "date": "2011-06-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002814"
      },
      {
        "date": "2018-10-10T19:56:47.740000",
        "db": "NVD",
        "id": "CVE-2010-1329"
      },
      {
        "date": "2010-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201004-285"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-285"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Imperva SecureSphere of  Web Application Firewall and  Database Firewall In  intrusion-prevention Vulnerability that bypasses functionality",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002814"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-285"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2010-1329

Vulnerability from fkie_nvd - Published: 2010-04-15 17:30 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://www.clearskies.net/documents/css-advisory-css1001-imperva.php
cve@mitre.org	http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/510709/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/39472
af854a3a-2127-422b-91ae-364da2661108	http://www.clearskies.net/documents/css-advisory-css1001-imperva.php
af854a3a-2127-422b-91ae-364da2661108	http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/510709/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/39472

Impacted products

Vendor	Product	Version
imperva	securesphere_web_application_firewall	5.0.0.5082
imperva	securesphere_web_application_firewall	6.0.5.6230
imperva	securesphere_web_application_firewall	6.0.5.6238
imperva	securesphere_web_application_firewall	6.0.6.6274
imperva	securesphere_web_application_firewall	6.0.6.6302
imperva	securesphere_web_application_firewall	6.2.0.6442
imperva	securesphere_web_application_firewall	6.2.0.6463
imperva	securesphere_web_application_firewall	7.0.0.7061
imperva	securesphere_database_firewall	5.0.0.5082
imperva	securesphere_database_firewall	6.0.5.6230
imperva	securesphere_database_firewall	6.0.5.6238
imperva	securesphere_database_firewall	6.0.6.6274
imperva	securesphere_database_firewall	6.0.6.6302
imperva	securesphere_database_firewall	6.2.0.6442
imperva	securesphere_database_firewall	6.2.0.6463
imperva	securesphere_database_firewall	7.0.0.7061
imperva	securesphere_database_firewall	6.0.4.6128
imperva	securesphere_web_application_firewall	6.0.4.6128
crossbeamsystems	xos	8.0\/5
imperva	securesphere_database_firewall	7.0.0.7078
imperva	securesphere_web_application_firewall	7.0.0.7078
crossbeamsystems	xos	8.5.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:5.0.0.5082:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9A7B25E-BEB0-417B-8EB5-96307ED9B7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.5.6230:*:*:*:*:*:*:*",
              "matchCriteriaId": "38B58D25-856C-4EA0-8BC4-F15A3418007F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.5.6238:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BCE6B26-F4B5-49BF-A327-4E580314F849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.6.6274:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB352839-EA7F-417C-9B83-E01E33AE099A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.6.6302:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAC5D1E3-FAF0-488B-818E-EA3298F00467",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.2.0.6442:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FEE98AC-E353-4959-9F17-ED314FD412EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.2.0.6463:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA7BE17E-BB21-443D-822A-4A5356CE1928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0.0.7061:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD39B83F-25B7-4674-A4B8-7EBDCD3EC611",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:5.0.0.5082:*:*:*:*:*:*:*",
              "matchCriteriaId": "92F6318F-F82B-49CE-BBDE-590FBAC94788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.5.6230:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BCF4FCD-2CB2-4DA6-85B7-9368141E900F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.5.6238:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F474DA7-3CF6-465F-9CBB-C9303139455E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.6.6274:*:*:*:*:*:*:*",
              "matchCriteriaId": "57CB57EC-AD75-4BF5-BC0C-7A59AC9C5B70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.6.6302:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE9EBB80-2DA7-457D-A22B-FC7DEFA540CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:6.2.0.6442:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C22550D-3C07-46B2-BC2A-BF0B48F61C18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:6.2.0.6463:*:*:*:*:*:*:*",
              "matchCriteriaId": "468E56A4-83CA-4C67-9289-EE2B25AB1431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:7.0.0.7061:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9D811A9-CA1E-4C73-B25D-98E04CD46388",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.4.6128:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE558AAE-8F45-4083-AB63-DE3E6F821D22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.4.6128:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA0499B4-0EA7-4F6C-840E-BA74C0CFCA0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:crossbeamsystems:xos:8.0\\/5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D66A03BA-6835-4651-8AFA-08DA2AB663B5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_database_firewall:7.0.0.7078:*:*:*:*:*:*:*",
              "matchCriteriaId": "64A18DB2-099E-4CC8-A2AA-71202C754DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0.0.7078:*:*:*:*:*:*:*",
              "matchCriteriaId": "F11F0459-AA27-4892-AA26-F2BCB7CB3B1C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:crossbeamsystems:xos:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CD4EC0F-B72B-4B76-AD2D-54C5C4C78D4A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation."
    },
    {
      "lang": "es",
      "value": "Imperva SecureSphere Web Application Firewall y Database Firewall v5.0.0.5082 a la v7.0.0.7078, permite a atacantes remotos evitar la funcionalidad de prevenci\u00f3n frente a intrusiones mediante un petici\u00f3n que tiene a\u00f1adida una cadena larga manipulada de un modo no especificada."
    }
  ],
  "id": "CVE-2010-1329",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-04-15T17:30:00.553",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/39472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/39472"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2010-1329

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-1329

Aliases

CVE-2010-1329

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-1329",
    "description": "Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation.",
    "id": "GSD-2010-1329"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-1329"
      ],
      "details": "Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation.",
      "id": "GSD-2010-1329",
      "modified": "2023-12-13T01:21:33.207242Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-1329",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php",
            "refsource": "MISC",
            "url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php"
          },
          {
            "name": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html",
            "refsource": "CONFIRM",
            "url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
          },
          {
            "name": "39472",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/39472"
          },
          {
            "name": "20100413 Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.5.6238:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:5.0.0.5082:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.6.6302:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.2.0.6442:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.2.0.6463:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0.0.7061:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.5.6230:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.6.6274:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:7.0.0.7061:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:5.0.0.5082:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.6.6274:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.6.6302:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.2.0.6442:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.2.0.6463:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.5.6230:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.5.6238:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.4.6128:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.4.6128:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:crossbeamsystems:xos:8.0\\/5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:7.0.0.7078:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0.0.7078:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:crossbeamsystems:xos:8.5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1329"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
            },
            {
              "name": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php"
            },
            {
              "name": "39472",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/39472"
            },
            {
              "name": "20100413 Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-10T19:56Z",
      "publishedDate": "2010-04-15T17:30Z"
    }
  }
}

GHSA-F243-JMP3-FR46

Vulnerability from github – Published: 2022-05-02 06:21 – Updated: 2022-05-02 06:21

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-1329"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-04-15T17:30:00Z",
    "severity": "HIGH"
  },
  "details": "Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation.",
  "id": "GHSA-f243-jmp3-fr46",
  "modified": "2022-05-02T06:21:35Z",
  "published": "2022-05-02T06:21:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1329"
    },
    {
      "type": "WEB",
      "url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php"
    },
    {
      "type": "WEB",
      "url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/39472"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-1329 (GCVE-0-2010-1329)

VAR-201004-0342

SEVERITY RATING

THREAT EVALUATION

IDENTIFYING VULNERABLE INSTALLATIONS

DETECTING EXPLOITATION

SOLUTION

VULNERABILITY ID

TIME TABLE

REFERENCES

CREDITS

LEGAL NOTICES

FKIE_CVE-2010-1329

GSD-2010-1329

GHSA-F243-JMP3-FR46

Tags

Sightings

Nomenclature