← Voltar para CVEs
CVE-2017-14706
N/ADescricao
DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado9/22/2017
Ultima modificacao4/20/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
denyall:i-suitedenyall:web_application_firewall
Fraquezas (CWE)
CWE-287
Referencias
https://github.com/rapid7/metasploit-framework/pull/8980(cve@mitre.org)
https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/(cve@mitre.org)
https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/(cve@mitre.org)
https://github.com/rapid7/metasploit-framework/pull/8980(af854a3a-2127-422b-91ae-364da2661108)
https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/(af854a3a-2127-422b-91ae-364da2661108)
https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.