VAR-201004-0342
Vulnerability from variot - Updated: 2023-12-18 13:58Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation. An attacker can exploit this issue to bypass firewall restrictions. Successful exploits may lead to other attacks. The Imperva SecureSphere Database Firewall monitors and proactively protects databases from internal abuse, database attacks, and unauthorized activity. Protection provided by the Imperva device against attacks such as SQL injection and Cross-Site Scripting is negated, allowing unfiltered requests through to protected applications.
SEVERITY RATING
Rating: High Risk - CVSS 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N) Impact: Bypass security control Where: Remote
THREAT EVALUATION
An attacker can use this flaw to bypass firewall protections. Only minimal skill is required and the bypass can be incorporated into existing exploitation frameworks and security testing tools. Exploitation of this issue does not permanently affect the device; each evasion request must contain the bypass payload.
IDENTIFYING VULNERABLE INSTALLATIONS
Administrators can identify the current version in use by going to the Licensing menu in the administration console. Versions less than those identified in the Solutions section below are vulnerable.
DETECTING EXPLOITATION
The Imperva device provides no indication when this vulnerability is exploited. If other controls are in place such as network traffic monitors, IDS/IPS, or web filters, these should be configured to alert on payloads containing attack patterns. This includes all versions of SecureSphere from 5.0 through 7.0.
SOLUTION
The vendor has released patches for affected versions to address this issue. Customers are strongly encouraged to apply the update as soon as possible. Refer to http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html for upgrade instructions. No reliable workaround is available.
The vendor has provided the following version and patch data:
Version Patch Number 7.0.0.7078 Patch 11 7.0.0.7061 Patch 11 6.2.0.6463 Patch 24 6.2.0.6442 Patch 24 6.0.6.6302 Patch 30 6.0.6.6274 Patch 30 6.0.5.6238 Patch 30 6.0.5.6230 Patch 30 6.0.4.6128 Patch 30 5.0.0.5082 Patch 30 6.0.4.6128 on XOS 8.0/5 ssgw-6128-CBI10 7.0.0.7078 on XOS 8.5.3 ssgw-7.0.0.7267-CBI28
VULNERABILITY ID
CVE-2010-1329
TIME TABLE
2009-08-31 - Vendor notified. 2010-03-09 - Vendor released patched firmware. 2010-04-05 - Public notification
REFERENCES
http://www.clearskies.net/documents/css-advisory-css1001-imperva.php http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html
CREDITS
Scott Miles and Greag Johnson, Clear Skies Security, identified this flaw.
Clear Skies would like to thank Mike Sanders and Accuvant Labs for their assistance in clarifying and working with the vendor to correct this issue.
LEGAL NOTICES
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing and is subject to change without notice. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. The author is not liable for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Copyright 2010 Clear Skies Security, LLC. Permission is granted for the redistribution of this alert electronically. To reprint this alert, in whole or in part, in any other medium other than electronically, please e-mail info (at) clearskies (dot) net for permission
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201004-0342",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "securesphere web application firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "imperva",
"version": "6.0.4.6128"
},
{
"model": "securesphere web application firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "imperva",
"version": "7.0.0.7078"
},
{
"model": "securesphere database firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "imperva",
"version": "6.0.6.6302"
},
{
"model": "securesphere database firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "imperva",
"version": "6.0.6.6274"
},
{
"model": "securesphere database firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "imperva",
"version": "6.0.4.6128"
},
{
"model": "securesphere database firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "imperva",
"version": "6.2.0.6463"
},
{
"model": "securesphere database firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "imperva",
"version": "7.0.0.7061"
},
{
"model": "securesphere database firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "imperva",
"version": "6.2.0.6442"
},
{
"model": "securesphere database firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "imperva",
"version": "5.0.0.5082"
},
{
"model": "securesphere database firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "imperva",
"version": "7.0.0.7078"
},
{
"model": "securesphere web application firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "imperva",
"version": "6.0.6.6302"
},
{
"model": "securesphere web application firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "imperva",
"version": "6.0.6.6274"
},
{
"model": "securesphere web application firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "imperva",
"version": "6.0.5.6238"
},
{
"model": "securesphere web application firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "imperva",
"version": "6.0.5.6230"
},
{
"model": "securesphere web application firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "imperva",
"version": "7.0.0.7061"
},
{
"model": "securesphere web application firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "imperva",
"version": "6.2.0.6463"
},
{
"model": "securesphere database firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "imperva",
"version": "6.0.5.6238"
},
{
"model": "securesphere database firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "imperva",
"version": "6.0.5.6230"
},
{
"model": "securesphere web application firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "imperva",
"version": "5.0.0.5082"
},
{
"model": "securesphere web application firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "imperva",
"version": "6.2.0.6442"
},
{
"model": "securesphere database firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "imperva",
"version": ".0.0.5082 to 7.0.0.7078"
},
{
"model": "securesphere web application firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "imperva",
"version": "5.0.0.5082 to 7.0.0.7078"
},
{
"model": "securesphere web application firewall on xos",
"scope": "eq",
"trust": 0.3,
"vendor": "imperva",
"version": "7.0.70788.5.3"
},
{
"model": "securesphere web application firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "imperva",
"version": "6.2.6442"
},
{
"model": "securesphere web application firewall on xos",
"scope": "eq",
"trust": 0.3,
"vendor": "imperva",
"version": "6.0.4.61288.0/5"
},
{
"model": "securesphere web application firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "imperva",
"version": "5.0.5082"
},
{
"model": "securesphere mx management server and gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "imperva",
"version": "6.0"
},
{
"model": "securesphere mx management server",
"scope": "eq",
"trust": 0.3,
"vendor": "imperva",
"version": "5.x"
},
{
"model": "securesphere mx management server",
"scope": "eq",
"trust": 0.3,
"vendor": "imperva",
"version": "5.0"
},
{
"model": "securesphere database firewall on xos",
"scope": "eq",
"trust": 0.3,
"vendor": "imperva",
"version": "7.0.70788.5.3"
},
{
"model": "securesphere database firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "imperva",
"version": "7.0.7078"
},
{
"model": "securesphere database firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "imperva",
"version": "7.0.7061"
},
{
"model": "securesphere database firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "imperva",
"version": "6.2.6463"
},
{
"model": "securesphere database firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "imperva",
"version": "6.2.6442"
},
{
"model": "securesphere database firewall on xos",
"scope": "eq",
"trust": 0.3,
"vendor": "imperva",
"version": "6.0.4.61288.0/5"
},
{
"model": "securesphere database firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "imperva",
"version": "5.0.5082"
}
],
"sources": [
{
"db": "BID",
"id": "39472"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002814"
},
{
"db": "NVD",
"id": "CVE-2010-1329"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-285"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.5.6238:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:5.0.0.5082:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.6.6302:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.2.0.6442:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.2.0.6463:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0.0.7061:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.5.6230:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.6.6274:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:7.0.0.7061:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:5.0.0.5082:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.6.6274:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.6.6302:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.2.0.6442:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.2.0.6463:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.5.6230:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.5.6238:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:6.0.4.6128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:6.0.4.6128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:crossbeamsystems:xos:8.0\\/5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_database_firewall:7.0.0.7078:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0.0.7078:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:crossbeamsystems:xos:8.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-1329"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Miles and Greag Johnson, Clear Skies Security",
"sources": [
{
"db": "BID",
"id": "39472"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-285"
}
],
"trust": 0.9
},
"cve": "CVE-2010-1329",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2010-1329",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-43934",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-1329",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201004-285",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-43934",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43934"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002814"
},
{
"db": "NVD",
"id": "CVE-2010-1329"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-285"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation. \nAn attacker can exploit this issue to bypass firewall restrictions. Successful exploits may lead to other attacks. The Imperva SecureSphere Database Firewall \nmonitors and proactively protects databases from internal abuse, \ndatabase attacks, and unauthorized activity. Protection provided by the Imperva device against attacks \nsuch as SQL injection and Cross-Site Scripting is negated, allowing \nunfiltered requests through to protected applications. \n\nSEVERITY RATING\n===============\nRating: High Risk - CVSS 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N) \nImpact: Bypass security control\nWhere: Remote\n\nTHREAT EVALUATION\n=================\nAn attacker can use this flaw to bypass firewall protections. Only minimal skill is \nrequired and the bypass can be incorporated into existing exploitation \nframeworks and security testing tools. Exploitation of this issue does \nnot permanently affect the device; each evasion request must contain \nthe bypass payload. \n\nIDENTIFYING VULNERABLE INSTALLATIONS\n====================================\nAdministrators can identify the current version in use by going to the \nLicensing menu in the administration console. Versions less than those \nidentified in the Solutions section below are vulnerable. \n\nDETECTING EXPLOITATION\n======================\nThe Imperva device provides no indication when this vulnerability is \nexploited. If other controls are in place such as network traffic \nmonitors, IDS/IPS, or web filters, these should be configured to alert \non payloads containing attack patterns. This includes all versions of \nSecureSphere from 5.0 through 7.0. \n\nSOLUTION\n========\nThe vendor has released patches for affected versions to address this \nissue. Customers are strongly encouraged to apply the update as soon \nas possible. Refer to \nhttp://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html \nfor upgrade instructions. No reliable workaround is available. \n\nThe vendor has provided the following version and patch data:\n\nVersion Patch Number\n7.0.0.7078 Patch 11\n7.0.0.7061 Patch 11\n6.2.0.6463 Patch 24\n6.2.0.6442 Patch 24\n6.0.6.6302 Patch 30\n6.0.6.6274 Patch 30\n6.0.5.6238 Patch 30\n6.0.5.6230 Patch 30\n6.0.4.6128 Patch 30\n5.0.0.5082 Patch 30\n6.0.4.6128 on XOS 8.0/5 ssgw-6128-CBI10\n7.0.0.7078 on XOS 8.5.3 ssgw-7.0.0.7267-CBI28\n \nVULNERABILITY ID\n================\nCVE-2010-1329 \n\nTIME TABLE\n==========\n2009-08-31 - Vendor notified. \n2010-03-09 - Vendor released patched firmware. \n2010-04-05 - Public notification\n\nREFERENCES\n==========\nhttp://www.clearskies.net/documents/css-advisory-css1001-imperva.php\nhttp://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html \n\nCREDITS\n=======\nScott Miles and Greag Johnson, Clear Skies Security, identified this \nflaw. \n\nClear Skies would like to thank Mike Sanders and Accuvant Labs for \ntheir assistance in clarifying and working with the vendor to correct \nthis issue. \n\nLEGAL NOTICES\n=============\nDisclaimer: The information in the advisory is believed to be \naccurate at the time of publishing and is subject to change without \nnotice. Use of the information constitutes acceptance for use in an \nAS IS condition. There are no warranties with regard to this \ninformation. The author is not liable for any direct, indirect, or \nconsequential loss or damage arising from use of, or reliance on, \nthis information. \n\nCopyright 2010 Clear Skies Security, LLC. \nPermission is granted for the redistribution of this alert \nelectronically. To reprint this alert, in whole or in part, in any \nother medium other than electronically, please e-mail info (at) \nclearskies (dot) net for permission",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-1329"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002814"
},
{
"db": "BID",
"id": "39472"
},
{
"db": "VULHUB",
"id": "VHN-43934"
},
{
"db": "PACKETSTORM",
"id": "88386"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-43934",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43934"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-1329",
"trust": 2.9
},
{
"db": "BID",
"id": "39472",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002814",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201004-285",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20100413 IMPERVA SECURESPHERE WEB APPLICATION FIREWALL AND DATABASE FIREWALL BYPASS VULNERABILITY",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "88386",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-43934",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43934"
},
{
"db": "BID",
"id": "39472"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002814"
},
{
"db": "PACKETSTORM",
"id": "88386"
},
{
"db": "NVD",
"id": "CVE-2010-1329"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-285"
}
]
},
"id": "VAR-201004-0342",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-43934"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:58:01.761000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Imperva Security Response for CVE-2010-1329",
"trust": 0.8,
"url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002814"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-1329"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/39472"
},
{
"trust": 2.1,
"url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html"
},
{
"trust": 1.8,
"url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1329"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1329"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/510709/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.imperva.com"
},
{
"trust": 0.3,
"url": "/archive/1/510709"
},
{
"trust": 0.1,
"url": "http://www.imperva.com/products/securesphere-data-security-suite.html)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1329"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43934"
},
{
"db": "BID",
"id": "39472"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002814"
},
{
"db": "PACKETSTORM",
"id": "88386"
},
{
"db": "NVD",
"id": "CVE-2010-1329"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-285"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-43934"
},
{
"db": "BID",
"id": "39472"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002814"
},
{
"db": "PACKETSTORM",
"id": "88386"
},
{
"db": "NVD",
"id": "CVE-2010-1329"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-285"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-04-15T00:00:00",
"db": "VULHUB",
"id": "VHN-43934"
},
{
"date": "2010-04-14T00:00:00",
"db": "BID",
"id": "39472"
},
{
"date": "2011-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002814"
},
{
"date": "2010-04-15T22:23:03",
"db": "PACKETSTORM",
"id": "88386"
},
{
"date": "2010-04-15T17:30:00.553000",
"db": "NVD",
"id": "CVE-2010-1329"
},
{
"date": "2010-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201004-285"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-43934"
},
{
"date": "2010-04-14T00:00:00",
"db": "BID",
"id": "39472"
},
{
"date": "2011-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002814"
},
{
"date": "2018-10-10T19:56:47.740000",
"db": "NVD",
"id": "CVE-2010-1329"
},
{
"date": "2010-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201004-285"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201004-285"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Imperva SecureSphere of Web Application Firewall and Database Firewall In intrusion-prevention Vulnerability that bypasses functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002814"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201004-285"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…