Learn about CVE-2021-45468 involving Imperva WAF, allowing remote attackers to evade security controls using "Content-Encoding: gzip". Discover impact, affected systems, and mitigation steps.
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
Understanding CVE-2021-45468
This CVE covers a request-inspection bypass in Imperva Web Application Firewall (WAF): a remote, unauthenticated attacker can get a malicious HTTP POST body past the WAF's rules by sending it gzip-compressed with a "Content-Encoding: gzip" header.
What is CVE-2021-45468?
CVE-2021-45468 is a security-control evasion in Imperva WAF. Before the fix (2021-12-23), the WAF's rules could be evaded by delivering the attack payload in a POST body labelled "Content-Encoding: gzip"; in practice this means the rules did not match payloads that reached the WAF in compressed form. An unauthenticated remote attacker can therefore compress an attack payload, attach that header, and deliver the request to a server behind the WAF, where a backend that accepts gzip-encoded request bodies decompresses and processes the payload as if it had arrived in the clear.
The Impact of CVE-2021-45468
The WAF's protections are effectively nullified for any POST request the attacker chooses to gzip-encode. Payloads that the rule set would normally block arrive at the backend uninspected, so the exposure is whatever the backend application is vulnerable to once its WAF layer is out of the picture. The attack requires no authentication and no prior access.
Technical Details of CVE-2021-45468
This section provides an insight into the technical aspects of CVE-2021-45468.
Vulnerability Description
Imperva WAF before 2021-12-23 did not inspect the decoded form of request bodies sent with "Content-Encoding: gzip". Rules were matched against the bytes as received, and compressed bytes do not contain the cleartext patterns the rules look for, so a compressed attack body passed through. The backend, if it honours Content-Encoding on requests, decompresses the body and processes the original payload.
Affected Systems and Versions
Imperva Web Application Firewall (WAF) before 2021-12-23, as stated in the advisory summary above. Any web server or application deployed behind an affected WAF is exposed to whatever POST-borne attacks the WAF was relied upon to block.
Exploitation Mechanism
The attacker takes a POST request the WAF would normally block, gzip-compresses the body, sets "Content-Encoding: gzip" and a Content-Length that describes the compressed bytes, and sends it through the WAF to the origin. No special tooling is needed; any HTTP client that can send a raw body suffices, and the request is otherwise well-formed, so nothing about it looks malformed to the WAF.
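The bypass, as an added illustration that is not part of the advisory or of Imperva's code: it builds a POST whose body is gzip-compressed and labelled Content-Encoding: gzip, then runs two inspectors over it. naive_inspect matches a signature against the body bytes as received, which is the behaviour the advisory describes; decoding_inspect undoes the encoding first and fails closed on anything it cannot decode. The signature, hostname, path and payload are constructed for the example.

```python
import gzip
import re

# Constructed for the example: a crude injection signature of the kind a WAF
# rule set matches. Real rule sets are far larger; the point is what they match
# against, not how good the pattern is.
SIGNATURE = re.compile(rb"(?i)'\s*or\s+1\s*=\s*1|union\s+select")

# Constructed sample body a WAF would be expected to block.
PAYLOAD = b"user=admin&pass=' OR 1=1--"


def build_post(host: str, path: str, body: bytes, gzip_body: bool) -> bytes:
    """Serialize an HTTP/1.1 POST request. With gzip_body=True the body is
    compressed and labelled Content-Encoding: gzip, i.e. the request shape the
    advisory describes. Content-Length always describes the bytes on the wire."""
    if gzip_body:
        body = gzip.compress(body)
    head = [
        f"POST {path} HTTP/1.1",
        f"Host: {host}",
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(body)}",
    ]
    if gzip_body:
        head.append("Content-Encoding: gzip")
    return ("\r\n".join(head) + "\r\n\r\n").encode() + body


def split_request(raw: bytes):
    """Return (request line, lower-cased header dict, body) for a raw request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return lines[0], headers, body


def naive_inspect(raw: bytes) -> bool:
    """The evadable pattern: match rules against the body bytes as received.
    A gzip-compressed body does not contain the cleartext the rule looks for."""
    _, _, body = split_request(raw)
    return SIGNATURE.search(body) is not None


def decoding_inspect(raw: bytes) -> bool:
    """The corrected pattern: undo Content-Encoding first, and fail closed
    (report a match, i.e. block) on anything that cannot be decoded."""
    _, headers, body = split_request(raw)
    encoding = headers.get("content-encoding", "identity").lower()
    if encoding == "gzip":
        try:
            body = gzip.decompress(body)
        except (OSError, EOFError):  # malformed or truncated stream
            return True
    elif encoding != "identity":
        return True  # deflate, br, ...: not decodable here, so do not wave it through
    return SIGNATURE.search(body) is not None


if __name__ == "__main__":
    for gz in (False, True):
        req = build_post("app.example", "/login", PAYLOAD, gzip_body=gz)
        print(f"gzip={gz}: naive blocks={naive_inspect(req)} "
              f"decoding blocks={decoding_inspect(req)}")
```

Run it and the gzip=True line shows the gap: the naive inspector reports no match while the decoding one blocks. gzip.decompress has no output bound, so a production inspector that decodes must also cap the decoded size, otherwise "decode everything" turns into a decompression-bomb denial of service.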
Mitigation and Prevention
Protect your systems from CVE-2021-45468 with the following steps:
Immediate Steps to Take
Confirm with Imperva that every WAF instance in your request path carries the fix for CVE-2021-45468 (the advisory dates the fixed behaviour to 2021-12-23). As general practice, independent of the vendor fix: if your backend application does not accept compressed request bodies, reject POST requests that carry a Content-Encoding header, at the WAF where your configuration allows custom rules or at the origin; if it does accept them, send a test request that wraps a known-blocked payload in a gzip body and confirm the WAF blocks it, i.e. that it decodes the body before evaluating its rules rather than matching them against the compressed bytes.
Long-Term Security Practices
Treat every request-body transformation the backend will undo (Content-Encoding such as gzip, but also any other encoding or framing the origin accepts) as an inspection boundary: a WAF only protects against what it can see in decoded form, and anything it passes through undecoded reaches the origin as if it had never been inspected. Keep a small regression suite of requests that wrap a known-blocked payload in each encoding the origin accepts, and run it against the WAF after every upgrade. Where the application has no need for compressed request bodies, refuse them at the origin as well, so a future inspection gap in the WAF cannot be exploited the same way; where it does need them, bound the decoded size, since decoding everything is an invitation to decompression bombs.
Patching and Updates
Apply the Imperva fix for CVE-2021-45468 (the advisory dates the fixed behaviour to 2021-12-23) to every WAF instance in the request path, and keep the WAF on a supported, current release so that later inspection fixes are picked up as well. A fix of this kind only helps once it is actually deployed on every instance that fronts the origin.
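An origin-side control for the interim step and the long-term practice above, added here as example code (not Imperva's, and not from the advisory): a WSGI middleware that either refuses compressed request bodies outright or decodes gzip under a size bound before the application sees them, so that whatever validation the application does runs on cleartext. The 1 MiB bound, the echo application, the in-process driver and the sample payload are assumptions made for the example.

```python
import gzip
import io
import zlib

# Assumed bound on the decoded request body for this example (not a vendor
# setting). It is what keeps "decode before inspecting" from becoming a
# gzip-bomb denial of service.
MAX_DECODED_BYTES = 1 << 20


class RequestEncodingGuard:
    """WSGI middleware that settles Content-Encoding on requests before the
    application (and any inspection it performs) sees the body.

    allow_gzip=False: any Content-Encoding other than identity is refused (415).
    allow_gzip=True : gzip bodies are decoded under a size bound and passed on
                      as a plain body; everything else is still refused.
    """

    def __init__(self, app, allow_gzip=False, max_decoded=MAX_DECODED_BYTES):
        self.app = app
        self.allow_gzip = allow_gzip
        self.max_decoded = max_decoded

    @staticmethod
    def _reply(start_response, status, text):
        body = text.encode()
        start_response(status, [("Content-Type", "text/plain"),
                                ("Content-Length", str(len(body)))])
        return [body]

    def __call__(self, environ, start_response):
        encoding = environ.get("HTTP_CONTENT_ENCODING", "identity").strip().lower()
        if encoding == "identity":
            return self.app(environ, start_response)
        if not self.allow_gzip or encoding != "gzip":
            return self._reply(start_response, "415 Unsupported Media Type",
                               "Content-Encoding %r not accepted\n" % encoding)

        raw = environ["wsgi.input"].read(int(environ.get("CONTENT_LENGTH") or 0))
        decoder = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # gzip framing only
        try:
            # max_length caps the output; input left over lands in unconsumed_tail
            decoded = decoder.decompress(raw, self.max_decoded + 1)
        except zlib.error:
            return self._reply(start_response, "400 Bad Request", "malformed gzip body\n")
        if len(decoded) > self.max_decoded or decoder.unconsumed_tail:
            return self._reply(start_response, "413 Payload Too Large",
                               "decoded body exceeds %d bytes\n" % self.max_decoded)
        if not decoder.eof or decoder.unused_data:
            return self._reply(start_response, "400 Bad Request",
                               "truncated gzip body or trailing data\n")

        # Hand the application a plain body so its own validation sees cleartext.
        environ["wsgi.input"] = io.BytesIO(decoded)
        environ["CONTENT_LENGTH"] = str(len(decoded))
        environ.pop("HTTP_CONTENT_ENCODING", None)
        return self.app(environ, start_response)


def echo_app(environ, start_response):
    """Stand-in origin application (assumed for the example): returns what it read."""
    body = environ["wsgi.input"].read(int(environ.get("CONTENT_LENGTH") or 0))
    start_response("200 OK", [("Content-Type", "application/octet-stream"),
                              ("Content-Length", str(len(body)))])
    return [body]


def drive(app, body, content_encoding=None):
    """Run one POST through a WSGI app in-process; returns (status, response body)."""
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": "/login",
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    if content_encoding is not None:
        environ["HTTP_CONTENT_ENCODING"] = content_encoding
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"] = status

    out = b"".join(app(environ, start_response))
    return seen["status"], out


PAYLOAD = b"user=admin&pass=' OR 1=1--"  # constructed sample injection body
GZ_PAYLOAD = gzip.compress(PAYLOAD)


def make_bomb(decoded_size: int) -> bytes:
    """Highly compressible body used to exercise the size bound."""
    return gzip.compress(b"\0" * decoded_size)


if __name__ == "__main__":
    strict = RequestEncodingGuard(echo_app)
    lenient = RequestEncodingGuard(echo_app, allow_gzip=True)
    print(drive(strict, GZ_PAYLOAD, "gzip")[0])   # 415 Unsupported Media Type
    print(drive(lenient, GZ_PAYLOAD, "gzip"))     # ('200 OK', b"user=admin&pass=' OR 1=1--")
    print(drive(lenient, make_bomb(4 * MAX_DECODED_BYTES), "gzip")[0])  # 413 Payload Too Large
```

The strict mode is the right default for an application that never expects compressed requests: it removes the whole bypass class at the origin rather than depending on the WAF to decode. The lenient mode is for applications that genuinely accept gzip; note that it decodes with a hard cap and rejects truncated streams and trailing data instead of guessing, which is the fail-closed behaviour the inspection layer should have had.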