CVE-2023-50969
Description
Imperva SecureSphere WAF 14.7.0.40 allows remote attackers to bypass POST data inspection rules via crafted POST requests, enabling exploitation of otherwise blocked vulnerabilities.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability Details
CVE-2023-50969 is a critical vulnerability in Imperva SecureSphere WAF (on-premise) that allows attackers to bypass WAF rules inspecting POST data [1]. The issue is distinct from CVE-2021-45468 and affects versions prior to an Application Defense Center (ADC) rule update released on February 26, 2024 [1]. The root cause involves insufficient validation or parsing of crafted POST requests, enabling rule bypass.
Exploitation
The vulnerability can be exploited remotely without authentication (CVSS 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) [1]. An attacker sends a specially crafted POST request that evades WAF inspection rules. For example, a protected PHP webshell that executes system commands would be blocked by standard rules, but a crafted POST request can bypass these rules and allow command execution [1].
Impact
Successful exploitation allows an attacker to bypass WAF rules and exploit vulnerabilities in protected applications that would otherwise be blocked. This could lead to remote code execution, data theft, or full compromise of the web application [1].
Mitigation
Imperva released an ADC rule update on February 26, 2024 to remediate this issue [1]. Customers should apply the update via the Imperva Support Portal. Imperva Cloud WAF is not affected [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: = 14.7.0.40
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.