Lucene search

754 matches found

CVE
added 2017/12/18 5:00 p.m. | 54 views

CVE-2017-15524

The CVE-2017-15524 entry concerns Kemp Load Balancer’s Application Firewall Pack (AFP/WAF). A security feature bypass exists where HTTP POST data is not inspected, enabling bypass of the Web Application Firewall. Affected versions are Kemp AFP prior to 7.2.40.1; remediation is upgrading to 7.2.40...

CVSS 9.1 | AI score 9.1 | EPSS 0.01223
Exploits: 3 | References: 3 | Affected Software: 1

CNVD
added 2017/12/18 12:00 a.m. | 2 views

Kemp Load Balancers Security Bypass Vulnerability

Kemp Load Balancer is a load balancing appliance from Kemp Technologies, Inc. Application Firewall Pack (AFP), a.k.a. Web Application Firewall, is a Web application firewall component used in... A security bypass vulnerability exists in the AFP component of Kemp Load Balancer versions prior to 7.2.40....

CVSS 9.1 | AI score 6.8 | EPSS 0.01223
Exploits: 3 | References: 1

Packet Storm
added 2017/12/15 12:00 a.m. | 73 views

Kemp Load Balancer WAF 7.2.40 Bypass

ADVISORY SUMMARY: Kemp Load Balancers - Module Application Firewall Pack (AFP) - Web Application Firewall (WAF) does not inspect HTTP POST data. Risk: high. Application: Kemp Load Balancers - Module Application Firewall Pack (AFP). Versions Affected: 7.1.30 (Nov 2015) to 7.2.40 (Oct 2017) // Older versions...

AI score 0.5 | EPSS 0.01223
Exploits: 3

Atlassian
added 2017/10/01 11:57 p.m. | 24 views

HTTP Client in JIRA does not accept RFC6265 compliant date format in "Expires" cookie header

When using AWS Application Load Balancer, the following WARN log messages are shown in the logs, as JIRA does not understand the "Expires" header used for sticky sessions: 2017-09-27 01:44:47,292 HealthCheck:thread-7 WARN o.a.h.client.protocol.ResponseProcessCookies Invalid cookie heade...

AI score 0.2
Exploits: 0 | Affected Software: 1

Imperva Blog
added 2017/09/20 3:30 p.m. | 29 views

How to Deploy SecureSphere WAF on Azure

If you host apps in the cloud, then you need security in the cloud. The Imperva SecureSphere Web Application Firewall (WAF) identifies and acts upon dangers maliciously woven into innocent-looking website traffic, both on-premises and in the cloud, such as: Blocking technical attacks such as SQL...

AI score 7
Exploits: 0

CNVD
added 2017/08/31 12:00 a.m. | 3 views

Barracuda Load Balancer Hard-Coded Weak Credentials Vulnerability

Barracuda Load Balancer is an application delivery controller from Barracuda Networks. The controller provides protection against intrusions and attacks while optimizing application load and providing performance support. A security vulnerability exists in Barracuda Load Balancer version 5.0.0.01...

CVSS 9.8 | AI score 9.5 | EPSS 0.02234
Exploits: 1 | References: 1

CNVD
added 2017/08/31 12:00 a.m. | 4 views

Barracuda Load Balancer Privilege Access Control Vulnerability

Barracuda Load Balancer is an application delivery controller from Barracuda Networks. The controller provides protection against intrusions and attacks while optimizing application load and providing strong performance support. A privilege escalation vulnerability exists in Barracuda Load Balancer...

CVSS 9.8 | AI score 9.5 | EPSS 0.02357
Exploits: 1 | References: 1

NVD
added 2017/08/28 3:29 p.m. | 13 views

CVE-2014-8428

Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key...

CVSS 9.8 | AI score 9.7 | EPSS 0.02357
Exploits: 1 | References: 2

NVD
added 2017/08/28 3:29 p.m. | 12 views

CVE-2014-8426

Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015...

CVSS 9.8 | AI score 9.5 | EPSS 0.02234
Exploits: 1 | References: 2

Prion
added 2017/08/28 3:29 p.m. | 9 views

Privilege escalation

Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key...

CVSS 7.5 | AI score 7.4 | EPSS 0.02357
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2017/08/28 3:29 p.m. | 10 views

Hardcoded credentials

Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015...

CVSS 7.5 | AI score 7.1 | EPSS 0.02234
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2017/08/28 3:00 p.m. | 17 views

CVE-2014-8428

Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key...

AI score 9.7 | EPSS 0.02357
Exploits: 1 | References: 2

CVE
added 2017/08/28 3:00 p.m. | 41 views

CVE-2014-8428

CVE-2014-8428 affects Barracuda Load Balancer 5.0.0.015, causing privilege escalation via an improperly protected SSH key. Multiple sources (NVD entry and CNVD/PRION records) corroborate a vulnerability in Barracuda Load Balancer with this issue, noting the SSH key protection flaw as the root cau...

CVSS 9.8 | AI score 9.6 | EPSS 0.02357
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2017/08/28 3:00 p.m. | 42 views

CVE-2014-8426

CVE-2014-8426 affects Barracuda Load Balancer ADC with firmware 5.0.0.015, where hard-coded weak credentials are present. Connected sources describe a hard-coded credential issue and related weaknesses (including SSH key issues and offline password-reset vectors) that could enable unauthorized ac...

CVSS 9.8 | AI score 9.3 | EPSS 0.02234
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2017/08/28 3:00 p.m. | 14 views

CVE-2014-8426

Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015...

AI score 9.6 | EPSS 0.02234
Exploits: 1 | References: 2

CNVD
added 2017/07/19 12:00 a.m. | 2 views

Barracuda Load Balancer Remote Command Injection Vulnerability

Barracuda Networks Load Balancer is an application delivery controller from Barracuda Networks. A remote command injection vulnerability exists in the Barracuda Networks Load Balancer using firmware version 6.0.1.006 and earlier, which stems from the deleteassessment command being issued while th...

CVSS 9 | AI score 9.2 | EPSS 0.11081
Exploits: 5 | References: 1

NVD
added 2017/07/18 2:29 p.m. | 15 views

CVE-2017-6320

A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability...

CVSS 9 | AI score 9.1 | EPSS 0.11081
Exploits: 5 | References: 2

OSV
added 2017/07/18 2:29 p.m. | 2 views

CVE-2017-6320

A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability...

CVSS 8.8 | AI score 6 | EPSS 0.11081
Exploits: 5 | References: 2

Prion
added 2017/07/18 2:29 p.m. | 17 views

Command injection

A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability...

CVSS 9 | AI score 9.2 | EPSS 0.11081
Exploits: 5 | References: 2 | Affected Software: 1

Cvelist
added 2017/07/18 2:00 p.m. | 21 views

CVE-2017-6320

A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability...

AI score 9.2 | EPSS 0.11081
Exploits: 5 | References: 2