Details of VAR-201004-0342

ID

VAR-201004-0342

CVE

CVE-2010-1329

TITLE

Imperva SecureSphere of Web Application Firewall and Database Firewall In intrusion-prevention Vulnerability that bypasses functionality

Trust: 0.8

sources: JVNDB: JVNDB-2010-002814

DESCRIPTION

Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation. An attacker can exploit this issue to bypass firewall restrictions. Successful exploits may lead to other attacks. The Imperva SecureSphere Database Firewall monitors and proactively protects databases from internal abuse, database attacks, and unauthorized activity. Protection provided by the Imperva device against attacks such as SQL injection and Cross-Site Scripting is negated, allowing unfiltered requests through to protected applications. SEVERITY RATING =============== Rating: High Risk - CVSS 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N) Impact: Bypass security control Where: Remote THREAT EVALUATION ================= An attacker can use this flaw to bypass firewall protections. Only minimal skill is required and the bypass can be incorporated into existing exploitation frameworks and security testing tools. Exploitation of this issue does not permanently affect the device; each evasion request must contain the bypass payload. IDENTIFYING VULNERABLE INSTALLATIONS ==================================== Administrators can identify the current version in use by going to the Licensing menu in the administration console. Versions less than those identified in the Solutions section below are vulnerable. DETECTING EXPLOITATION ====================== The Imperva device provides no indication when this vulnerability is exploited. If other controls are in place such as network traffic monitors, IDS/IPS, or web filters, these should be configured to alert on payloads containing attack patterns. This includes all versions of SecureSphere from 5.0 through 7.0. SOLUTION ======== The vendor has released patches for affected versions to address this issue. Customers are strongly encouraged to apply the update as soon as possible. Refer to http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html for upgrade instructions. No reliable workaround is available. The vendor has provided the following version and patch data: Version Patch Number 7.0.0.7078 Patch 11 7.0.0.7061 Patch 11 6.2.0.6463 Patch 24 6.2.0.6442 Patch 24 6.0.6.6302 Patch 30 6.0.6.6274 Patch 30 6.0.5.6238 Patch 30 6.0.5.6230 Patch 30 6.0.4.6128 Patch 30 5.0.0.5082 Patch 30 6.0.4.6128 on XOS 8.0/5 ssgw-6128-CBI10 7.0.0.7078 on XOS 8.5.3 ssgw-7.0.0.7267-CBI28 VULNERABILITY ID ================ CVE-2010-1329 TIME TABLE ========== 2009-08-31 - Vendor notified. 2010-03-09 - Vendor released patched firmware. 2010-04-05 - Public notification REFERENCES ========== http://www.clearskies.net/documents/css-advisory-css1001-imperva.php http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html CREDITS ======= Scott Miles and Greag Johnson, Clear Skies Security, identified this flaw. Clear Skies would like to thank Mike Sanders and Accuvant Labs for their assistance in clarifying and working with the vendor to correct this issue. LEGAL NOTICES ============= Disclaimer: The information in the advisory is believed to be accurate at the time of publishing and is subject to change without notice. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. The author is not liable for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Copyright 2010 Clear Skies Security, LLC. Permission is granted for the redistribution of this alert electronically. To reprint this alert, in whole or in part, in any other medium other than electronically, please e-mail info (at) clearskies (dot) net for permission

Trust: 2.07

sources: NVD: CVE-2010-1329 // JVNDB: JVNDB-2010-002814 // BID: 39472 // VULHUB: VHN-43934 // PACKETSTORM: 88386

AFFECTED PRODUCTS

vendor:	imperva	model:	securesphere web application firewall	scope:	eq	version:	6.0.4.6128	Trust: 1.9
vendor:	imperva	model:	securesphere web application firewall	scope:	eq	version:	7.0.0.7078	Trust: 1.9
vendor:	imperva	model:	securesphere database firewall	scope:	eq	version:	6.0.6.6302	Trust: 1.9
vendor:	imperva	model:	securesphere database firewall	scope:	eq	version:	6.0.6.6274	Trust: 1.9
vendor:	imperva	model:	securesphere database firewall	scope:	eq	version:	6.0.4.6128	Trust: 1.9
vendor:	imperva	model:	securesphere database firewall	scope:	eq	version:	6.2.0.6463	Trust: 1.6
vendor:	imperva	model:	securesphere database firewall	scope:	eq	version:	6.2.0.6442	Trust: 1.6
vendor:	imperva	model:	securesphere database firewall	scope:	eq	version:	7.0.0.7061	Trust: 1.6
vendor:	imperva	model:	securesphere database firewall	scope:	eq	version:	5.0.0.5082	Trust: 1.6
vendor:	imperva	model:	securesphere database firewall	scope:	eq	version:	7.0.0.7078	Trust: 1.6
vendor:	imperva	model:	securesphere web application firewall	scope:	eq	version:	6.0.6.6302	Trust: 1.3
vendor:	imperva	model:	securesphere web application firewall	scope:	eq	version:	6.0.6.6274	Trust: 1.3
vendor:	imperva	model:	securesphere web application firewall	scope:	eq	version:	6.0.5.6238	Trust: 1.3
vendor:	imperva	model:	securesphere web application firewall	scope:	eq	version:	6.0.5.6230	Trust: 1.3
vendor:	imperva	model:	securesphere web application firewall	scope:	eq	version:	7.0.0.7061	Trust: 1.3
vendor:	imperva	model:	securesphere web application firewall	scope:	eq	version:	6.2.0.6463	Trust: 1.3
vendor:	imperva	model:	securesphere database firewall	scope:	eq	version:	6.0.5.6238	Trust: 1.3
vendor:	imperva	model:	securesphere database firewall	scope:	eq	version:	6.0.5.6230	Trust: 1.3
vendor:	imperva	model:	securesphere web application firewall	scope:	eq	version:	6.2.0.6442	Trust: 1.0
vendor:	imperva	model:	securesphere web application firewall	scope:	eq	version:	5.0.0.5082	Trust: 1.0
vendor:	imperva	model:	securesphere database firewall	scope:	eq	version:	.0.0.5082 to 7.0.0.7078	Trust: 0.8
vendor:	imperva	model:	securesphere web application firewall	scope:	eq	version:	5.0.0.5082 to 7.0.0.7078	Trust: 0.8
vendor:	imperva	model:	securesphere web application firewall on xos	scope:	eq	version:	7.0.70788.5.3	Trust: 0.3
vendor:	imperva	model:	securesphere web application firewall	scope:	eq	version:	6.2.6442	Trust: 0.3
vendor:	imperva	model:	securesphere web application firewall on xos	scope:	eq	version:	6.0.4.61288.0/5	Trust: 0.3
vendor:	imperva	model:	securesphere web application firewall	scope:	eq	version:	5.0.5082	Trust: 0.3
vendor:	imperva	model:	securesphere mx management server and gateway	scope:	eq	version:	6.0	Trust: 0.3
vendor:	imperva	model:	securesphere mx management server	scope:	eq	version:	5.x	Trust: 0.3
vendor:	imperva	model:	securesphere mx management server	scope:	eq	version:	5.0	Trust: 0.3
vendor:	imperva	model:	securesphere database firewall on xos	scope:	eq	version:	7.0.70788.5.3	Trust: 0.3
vendor:	imperva	model:	securesphere database firewall	scope:	eq	version:	7.0.7078	Trust: 0.3
vendor:	imperva	model:	securesphere database firewall	scope:	eq	version:	7.0.7061	Trust: 0.3
vendor:	imperva	model:	securesphere database firewall	scope:	eq	version:	6.2.6463	Trust: 0.3
vendor:	imperva	model:	securesphere database firewall	scope:	eq	version:	6.2.6442	Trust: 0.3
vendor:	imperva	model:	securesphere database firewall on xos	scope:	eq	version:	6.0.4.61288.0/5	Trust: 0.3
vendor:	imperva	model:	securesphere database firewall	scope:	eq	version:	5.0.5082	Trust: 0.3

sources: BID: 39472 // JVNDB: JVNDB-2010-002814 // CNNVD: CNNVD-201004-285 // NVD: CVE-2010-1329

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-1329
value:	HIGH
Trust: 1.0
NVD:	CVE-2010-1329
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201004-285
value:	HIGH
Trust: 0.6
VULHUB:	VHN-43934
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2010-1329
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-43934
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-43934 // JVNDB: JVNDB-2010-002814 // CNNVD: CNNVD-201004-285 // NVD: CVE-2010-1329

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2010-1329

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201004-285

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201004-285

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002814

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-43934

PATCH

title:

Imperva Security Response for CVE-2010-1329

url:

http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html

Trust: 0.8

sources: JVNDB: JVNDB-2010-002814

EXTERNAL IDS

db:	NVD	id:	CVE-2010-1329	Trust: 2.9
db:	BID	id:	39472	Trust: 2.8
db:	JVNDB	id:	JVNDB-2010-002814	Trust: 0.8
db:	CNNVD	id:	CNNVD-201004-285	Trust: 0.7
db:	BUGTRAQ	id:	20100413 IMPERVA SECURESPHERE WEB APPLICATION FIREWALL AND DATABASE FIREWALL BYPASS VULNERABILITY	Trust: 0.6
db:	PACKETSTORM	id:	88386	Trust: 0.2
db:	VULHUB	id:	VHN-43934	Trust: 0.1

sources: VULHUB: VHN-43934 // BID: 39472 // JVNDB: JVNDB-2010-002814 // PACKETSTORM: 88386 // CNNVD: CNNVD-201004-285 // NVD: CVE-2010-1329

REFERENCES

url:	http://www.securityfocus.com/bid/39472	Trust: 2.5
url:	http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html	Trust: 2.1
url:	http://www.clearskies.net/documents/css-advisory-css1001-imperva.php	Trust: 1.8
url:	http://www.securityfocus.com/archive/1/510709/100/0/threaded	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1329	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1329	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/510709/100/0/threaded	Trust: 0.6
url:	http://www.imperva.com	Trust: 0.3
url:	/archive/1/510709	Trust: 0.3
url:	http://www.imperva.com/products/securesphere-data-security-suite.html)	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-1329	Trust: 0.1

sources: VULHUB: VHN-43934 // BID: 39472 // JVNDB: JVNDB-2010-002814 // PACKETSTORM: 88386 // CNNVD: CNNVD-201004-285 // NVD: CVE-2010-1329

CREDITS

Scott Miles and Greag Johnson, Clear Skies Security

Trust: 0.9

sources: BID: 39472 // CNNVD: CNNVD-201004-285

SOURCES

db:	VULHUB	id:	VHN-43934
db:	BID	id:	39472
db:	JVNDB	id:	JVNDB-2010-002814
db:	PACKETSTORM	id:	88386
db:	CNNVD	id:	CNNVD-201004-285
db:	NVD	id:	CVE-2010-1329

LAST UPDATE DATE

2025-04-11T23:19:43.400000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-43934	date:	2018-10-10T00:00:00
db:	BID	id:	39472	date:	2010-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2010-002814	date:	2011-06-06T00:00:00
db:	CNNVD	id:	CNNVD-201004-285	date:	2010-04-15T00:00:00
db:	NVD	id:	CVE-2010-1329	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-43934	date:	2010-04-15T00:00:00
db:	BID	id:	39472	date:	2010-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2010-002814	date:	2011-06-06T00:00:00
db:	PACKETSTORM	id:	88386	date:	2010-04-15T22:23:03
db:	CNNVD	id:	CNNVD-201004-285	date:	2010-04-15T00:00:00
db:	NVD	id:	CVE-2010-1329	date:	2010-04-15T17:30:00.553