CVE-2017-15524 - Unspecified vulnerability in Kemptechnologies web Application Firewall
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | NONE |
Summary
The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request.
Vulnerable Configurations
Packetstorm
data source | https://packetstormsecurity.com/files/download/145433/kemplb-bypass.txt |
id | PACKETSTORM:145433 |
last seen | 2017-12-15 |
published | 2017-12-15 |
reporter | Tim Kretschmann |
source | https://packetstormsecurity.com/files/145433/Kemp-Load-Balancer-WAF-7.2.40-Bypass.html |
title | Kemp Load Balancer WAF 7.2.40 Bypass |
References
- http://www.securityfocus.com/archive/1/541602/100/0/threaded
- https://kemptechnologies.com/files/assets/documentation/7.2/release-notes/Release_Notes-LoadMaster.pdf?pdf-file-view=1
- https://www.pallas.com/advisories/cve_2017_15524_kemp_afp_waf_bug_on_post_data