CVE-2021-45468

Name of the Vulnerable Software and Affected Versions Imperva Web Application Firewall (WAF) versions prior to 2021-12-23

Description The issue allows remote unauthenticated attackers to use Content-Encoding: gzip to evade security controls and send malicious HTTP POST requests to web servers behind the WAF.

Recommendations For versions prior to 2021-12-23, update to a version released after 2021-12-23 to resolve the issue. As a temporary workaround, consider restricting the use of Content-Encoding: gzip in HTTP requests until a patch is available.