CVE-2011-3140 in G400 Ips-g400-ib-1 Applianceinfo

Summary

IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass intended intrusion prevention by dividing a dangerous parameter value into substrings, as demonstrated by a SQL statement that is split across multiple iid parameters and then sent to a .aspx file on an IIS web server.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

08/15/2011

Disclosure

08/15/2011

Moderation

VulDB entry created

Entries

VDB-58299 (1)

CPE

ready

CWE

CWE-264 (Confirmed)

Exploit

Download

CVSS

5.3

EPSS

0.00787

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-3140
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-3140
CVE Details	https://www.cvedetails.com/cve/CVE-2011-3140/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!