CVE-2017-15524 - Unspecified vulnerability in Kemptechnologies Web Application Firewall

CVSS 9.1 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: NONE

Summary

The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request.

Vulnerable Configurations

Part          Description         Count
Application   Kemptechnologies    45

Packetstorm

data source: https://packetstormsecurity.com/files/download/145433/kemplb-bypass.txt
id: PACKETSTORM:145433
last seen: 2017-12-15
published: 2017-12-15
reporter: Tim Kretschmann
source: https://packetstormsecurity.com/files/145433/Kemp-Load-Balancer-WAF-7.2.40-Bypass.html
title: Kemp Load Balancer WAF 7.2.40 Bypass