šŸ“¦

web_application_firewall

Vendor: hillstonenet

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 3 Code Available
Total RCEs 2 Remote Access
Total CVEs 1 Total Indexed
Avg. EPSS 24.68% Exploit Prob.
Latest CVE CVE-2022-4539 Aug 31

Security Vulnerability Index

Page 1 / 1
5.3 CVSS
CVE-2022-4539

The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1.2. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.

EPSS: 5.15%
9.8 CVSS
CVE-2024-8073
RCE

Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: fromĀ 5.5R6-2.6.7 through 5.5R6-2.8.13.

EPSS: 1.27%
6.1 CVSS
CVE-2021-41823

The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to bypass an XSS protection mechanism.

EPSS: 0.23%
9.8 CVSS
CVE-2021-45468
Exploit Found

Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.

EPSS: 33.28%
5.9 CVSS
CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

EPSS: 74.02%
6.1 CVSS
CVE-2020-14210

Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to response to Request URL information when blocking.

EPSS: 0.23%
9.8 CVSS
CVE-2014-2595
Exploit Found

Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.

EPSS: 57.47%
5.5 CVSS
CVE-2018-3639
Exploit Found

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

EPSS: 46.73%
9.1 CVSS
CVE-2017-15524

The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request.

EPSS: 0.28%
9.8 CVSS
CVE-2017-14706

DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.

EPSS: 72.37%