Application Defense Center

Imperva Security Response for CVE-2010-1329

Evasion vulnerability in SecureSphere Web Application Firewall and Database Firewall

Revision History

Date: 4/5/2010
Comments: Initial Version

Status Summary

Affected versions and fixes listed below.


It is possible to evade some of the detection mechanisms of the SecureSphere Web Application Firewall and Database Firewall by sending a specially crafted, extremely large request.


Clear Skies Security (

Vendor Fix

In our latest cumulative patch, Imperva has included a specific fix which resolves the problem. This cumulative patch also enhances the performance of the SecureSphere system. Imperva urges you to install this important patch at your earliest convenience.

Below is a table of affected versions and the minimum required patch numbers. For help in applying these patches, please contact Imperva Support (

VersionPatch Number Patch 11 11 Patch 24 Patch 24 Patch 30 Patch 30 Patch 30 Patch 30 Patch 30 Patch 30 on XOS 8.0/5 ssgw-6128-CBI10 on XOS 8.5.3ssgw-

PATCH DOWNLOAD: The patch and release notes are available on the FTP Site. (Imperva Username and Credentials Required)


The information within this advisory is subject to change without notice. Use of this information constitutes acceptance for use in an AS IS condition. Any use of this information is at the user’s own risk. There are no warranties, implied or expressed, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information.

Redistribution of this alert electronically is allowed as long as it is not edited in any way. To reprint this alert, in whole or in part, in any medium other than electronic medium, for permission.