Imperva Security Response for CVE-2010-1329
Evasion vulnerability in SecureSphere Web Application Firewall and Database Firewall
Revision History
Date: 4/5/2010
Comments: Initial Version
Affected versions and fixes listed below.
It is possible to evade some of the detection mechanisms of the SecureSphere Web Application Firewall and Database Firewall by sending a specially crafted, extremely large request.
Clear Skies Security (http://www.clearskies.net)
In our latest cumulative patch, Imperva has included a specific fix which resolves the problem. This cumulative patch also enhances the performance of the SecureSphere system. Imperva urges you to install this important patch at your earliest convenience.
Below is a table of affected versions and the minimum required patch numbers. For help in applying these patches, please contact Imperva Support (email@example.com).
| Affected version | Minimum required patch |
|---|---|
| 126.96.36.19928 on XOS 8.0/5 | ssgw-6128-CBI10 |
| 188.8.131.5278 on XOS 8.5.3 | ssgw-184.108.40.20667-CBI28 |
PATCH DOWNLOAD: The patch and release notes are available on the FTP Site. (Imperva Username and Credentials Required)
The information within this advisory is subject to change without notice. Use of this information constitutes acceptance for use in an AS IS condition. Any use of this information is at the user’s own risk. There are no warranties, implied or expressed, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information.
Redistribution of this alert electronically is allowed as long as it is not edited in any way. To reprint this alert, in whole or in part, in any medium other than electronic medium, contact firstname.lastname@example.org for permission.