漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass intended intrusion prevention by dividing a dangerous parameter value into substrings, as demonstrated by a SQL statement that is split across multiple iid parameters and then sent to a .aspx file on an IIS web server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM Web Application Firewall多个应用程序输入验证漏洞
Vulnerability Description
IBM Web Application Firewall是IBM IPS产品中使用的用于完善IBM安全产品的端到端Web应用安全解决方案。 在G400 IPS-G400-IB-1和GX4004 IPS-GX4004-IB-2应用程序上使用的IBM Web Application Firewall不能正确处理带有多个相同参数实例的查询字符串。远程攻击者可以通过将危险参数拆分到多个子串中绕过预设的入侵防御。
CVSS Information
N/A
Vulnerability Type
N/A