Vulnerability Description
The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kemptechnologies | Web Application Firewall | <= 7.2.40 |
References
- http://www.securityfocus.com/archive/1/541602/100/0/threaded
- https://kemptechnologies.com/files/assets/documentation/7.2/release-notes/Releas (Issue Tracking, Release Notes, Vendor Advisory)
- https://www.pallas.com/advisories/cve_2017_15524_kemp_afp_waf_bug_on_post_data (Exploit, Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2017-15524?
CVE-2017-15524 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request.
How severe is CVE-2017-15524?
CVE-2017-15524 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-15524?
Check the references section above for vendor advisories and patch information. Affected products include: Kemptechnologies Web Application Firewall.