← Back

CVE-2017-14706

nvd nist
Published: Sep 22, 2017Modified: May 13, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.

Affected (12)

Denyall
2 products
I Suite
Web Application Firewall
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Denyall
I Suite
Version 5.5.0
I Suite
Version 5.5.10
I Suite
Version 5.5.11
I Suite
Version 5.5.12
I Suite
Version 5.5.9
I Suite
Version 5.6.0
Denyall
Web Application Firewall
Version 5.7.0
Web Application Firewall
Version 6.0.0
Web Application Firewall
Version 6.1.0
Web Application Firewall
Version 6.2.0
Web Application Firewall
Version 6.3.0
Web Application Firewall
Version 6.4.0

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
ExploitTechnical DescriptionThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitTechnical DescriptionThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.