VYPR

Securesphere Web Application Firewall

by Imperva

CVEs (5)

  • CVE-2021-45468CriJan 14, 2022
    risk 0.64cvss 9.8epss 0.04

    Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.

  • CVE-2011-5266CriJan 8, 2020
    risk 0.64cvss 9.8epss 0.01

    Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.

  • CVE-2011-4887Sep 11, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field.

  • CVE-2011-0767Jun 6, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID…

  • CVE-2010-1329Apr 15, 2010
    risk 0.00cvss epss 0.01

    Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation.