Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-14706

EPSS 72.37% · P99
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-14706

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款DenyAll产品授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
DenyAll i-Suite LTS等都是法国DenyAll公司的Web防火墙产品。 多款DenyAll产品中存在安全漏洞。远程攻击者可通过向/webservices/download/index.php文件发送typeOf=debug请求,并在回复中读取iToken字段利用该漏洞获取身份验证信息。以下产品和版本受到影响:DenyAll i-Suite LTS 5.5.0版本至5.5.12版本;i-Suite 5.6版本;Web Application Firewall 5.7版本,Web Applic
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2017-14706

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-14706

登录查看更多情报信息。

Same Patch Batch · n/a · 2017-09-22 · 25 CVEs total

CVE-2017-14691STDU Viewer 安全漏洞
CVE-2017-8012多款EMC产品安全漏洞
CVE-2017-8007多款EMC产品Webservice Gateway 路径遍历漏洞
CVE-2017-14684ImageMagick 安全漏洞
CVE-2017-14687Artifex MuPDF 安全漏洞
CVE-2017-14686Artifex MuPDF 安全漏洞
CVE-2017-14685Artifex MuPDF 安全漏洞
CVE-2017-14653ASP4CMS AspCMS 安全漏洞
CVE-2017-14637sam2p 缓冲区错误漏洞
CVE-2017-14636sam2p 数字错误漏洞
CVE-2017-14693IrfanView 安全漏洞
CVE-2017-14692STDU Viewer 安全漏洞
CVE-2017-14694Foxit Reader 安全漏洞
CVE-2017-14690STDU Viewer 安全漏洞
CVE-2017-14689STDU Viewer 安全漏洞
CVE-2017-14688STDU Viewer 安全漏洞
CVE-2017-14081Trend Micro Mobile Security(Enterprise) 命令注入漏洞
CVE-2017-14705多款DenyAll产品安全漏洞
CVE-2017-14717Telaxus EPESI 跨站脚本漏洞
CVE-2017-14716Telaxus EPESI 跨站脚本漏洞

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2017-14706

No comments yet

Leave a comment