TITLE:
SecureSphere Web Application and Database Firewall Security Bypass

SECUNIA ADVISORY ID:
SA39463

VERIFY ADVISORY:
http://secunia.com/advisories/39463/

DESCRIPTION:
A vulnerability has been reported in SecureSphere Web Application and
Database Firewall, which can be exploited by malicious people to bypass
certain security restrictions.

The vulnerability exists due to improper filtering of web requests,
which can be exploited to bypass the firewall's filtering protection by
appending large data to the request.

The vulnerability is reported in versions 7.0.0.7078, 7.0.0.7061,
6.2.0.6463, 6.2.0.6442, 6.0.6.6302, 6.0.6.6274, 6.0.5.6238, 6.0.5.6230,
6.0.4.6128, 5.0.0.5082, 6.0.4.6128 on XOS 8.0/5, and 7.0.0.7078 on
XOS 8.5.3.

SOLUTION:
Apply patches (please see the vendor advisory for details).

PROVIDED AND/OR DISCOVERED BY:
Scott Miles and Greag Johnson, Clear Skies Security.

ORIGINAL ADVISORY:
SecureSphere:
http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html

Clear Skies Security:
http://www.clearskies.net/documents/css-advisory-css1001-imperva.php