CVE-2011-3140

Name of the Vulnerable Software and Affected Versions IBM Web Application Firewall versions prior to update 31.030

Description The issue allows remote attackers to bypass intended intrusion prevention by dividing a dangerous parameter value into substrings. This can be demonstrated by a SQL statement that is split across multiple iid parameters and then sent to a .aspx file on an IIS web server.

Recommendations For IBM Web Application Firewall versions prior to update 31.030, update to version 31.030 or later to resolve the issue. As a temporary workaround, consider restricting access to the iid parameter in affected API endpoints until a patch is available.