On December 8th, 2020, FireEye shared details about a cyber attack it experienced, to help protect the community. These details include a prioritized list of CVEs that should be addressed to limit the effectiveness of FireEye’s Red Team tools. The threat research group examined the list and found that Imperva WAF protects against all of the web application CVEs on it.
CVE
WAF Protection
CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 10.0
Generic path traversal rules
CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN - CVSS 9.8
CVE-2018-15961 – RCE via Adobe ColdFusion (arbitrary file upload that can be used to upload a JSP web shell) - CVSS 9.8
Dedicated rules
CVE-2019-0604 – RCE for Microsoft SharePoint - CVSS 9.8
CVE-2019-11580 – Atlassian Crowd Remote Code Execution - CVSS 9.8
Dedicated rules*
CVE-2019-19781 – RCE of Citrix Application Delivery Controller and Citrix Gateway - CVSS 9.8
CVE-2020-10189 – RCE for Zoho ManageEngine Desktop Central - CVSS 9.8
Generic Java deserialization rules
CVE-2019-3398 – Confluence Authenticated Remote Code Execution - CVSS 8.8
CVE-2020-0688 – Remote Command Execution in Microsoft Exchange - CVSS 8.8
CVE-2019-8394 – arbitrary pre-auth file upload to Zoho ManageEngine ServiceDesk Plus - CVSS 6.5
The Imperva threat research group will continue to monitor new developments and update the WAF if necessary.
*On-premise WAF customers should reach out to Imperva support to manually activate a security policy.