PT-2018-13282 · A10 · A10 Acos Web Application Firewall

Published: 2018-08-27 · Updated: 2018-11-09 · CVE-2018-15904

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

A10 ACOS Web Application Firewall (WAF) versions 2.7.1 through 2.7.2 before 2.7.2-P12
A10 ACOS Web Application Firewall (WAF) version 4.1.0 before 4.1.0-P11
A10 ACOS Web Application Firewall (WAF) version 4.1.1 before 4.1.1-P8
A10 ACOS Web Application Firewall (WAF) version 4.1.2 before 4.1.2-P4

Description

The issue is related to the mishandling of configured rules for blocking SQL injection attacks.

Recommendations

For version 2.7.1, update to 2.7.2-P12 or later.
For version 2.7.2 before 2.7.2-P12, update to 2.7.2-P12 or later.
For version 4.1.0 before 4.1.0-P11, update to 4.1.0-P11 or later.
For version 4.1.1 before 4.1.1-P8, update to 4.1.1-P8 or later.
For version 4.1.2 before 4.1.2-P4, update to 4.1.2-P4 or later.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2018-15904

Affected Products

A10 Acos Web Application Firewall