VYPR

Web Application Firewall

by Denyall

CVEs (3)

  • CVE-2017-14706CriSep 22, 2017
    risk 0.69cvss 9.8epss 0.28

    DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12,…

  • CVE-2014-2595CriFeb 12, 2020
    risk 0.68cvss 9.8epss 0.17

    Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.

  • CVE-2017-14705HigSep 22, 2017
    risk 0.53cvss 8.1epss 0.07

    DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be…