CVE-2011-3140 - Vulnerability Details - OpenCVE

IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass intended intrusion prevention by dividing a dangerous parameter value into substrings, as demonstrated by a SQL statement that is split across multiple iid parameters and then sent to a .aspx file on an IIS web server.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	G400 Ips-g400-ib-1 Appliance Gx4004 Ips-gx4004-ib-2 Appliance Web Application Firewall

Configuration 1 [-]

AND

cpe:2.3:a:ibm:web_application_firewall:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:ibm:g400_ips-g400-ib-1_appliance:31.030:::::::*
	cpe:2.3:h:ibm:gx4004_ips-gx4004-ib-2_appliance:31.030:::::::*

No data.

References

Link	Providers
http://securityreason.com/securityalert/8339
http://securitytracker.com/id?1025683
http://www.iss.net/security_center/reference/vuln/HTTP_Parameter_Abuse.htm
http://www.securityfocus.com/archive/1/518556/100/0/threaded
http://www.securityfocus.com/bid/48370
https://exchange.xforce.ibmcloud.com/vulnerabilities/67178
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-006.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-08-15T21:00:00

Updated: 2024-08-06T23:22:27.693Z

Reserved: 2011-08-15T00:00:00

Link: CVE-2011-3140

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-08-15T21:55:03.283

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-3140

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-06-21T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass intended intrusion prevention by dividing a dangerous parameter value into substrings, as demonstrated by a SQL statement that is split across multiple iid parameters and then sent to a .aspx file on an IIS web server."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-006.txt"}, {"name": "http-parameter-pollution(67178)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67178"}, {"name": "8339", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8339"}, {"name": "48370", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/48370"}, {"name": "20110621 TWSL2011-006: IBM Web Application Firewall Bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/518556/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.iss.net/security_center/reference/vuln/HTTP_Parameter_Abuse.htm"}, {"name": "1025683", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1025683"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2011-3140", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass intended intrusion prevention by dividing a dangerous parameter value into substrings, as demonstrated by a SQL statement that is split across multiple iid parameters and then sent to a .aspx file on an IIS web server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-006.txt", "refsource": "MISC", "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-006.txt"}, {"name": "http-parameter-pollution(67178)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67178"}, {"name": "8339", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8339"}, {"name": "48370", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48370"}, {"name": "20110621 TWSL2011-006: IBM Web Application Firewall Bypass", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/518556/100/0/threaded"}, {"name": "http://www.iss.net/security_center/reference/vuln/HTTP_Parameter_Abuse.htm", "refsource": "CONFIRM", "url": "http://www.iss.net/security_center/reference/vuln/HTTP_Parameter_Abuse.htm"}, {"name": "1025683", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025683"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:22:27.693Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-006.txt"}, {"name": "http-parameter-pollution(67178)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67178"}, {"name": "8339", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8339"}, {"name": "48370", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/48370"}, {"name": "20110621 TWSL2011-006: IBM Web Application Firewall Bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/518556/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.iss.net/security_center/reference/vuln/HTTP_Parameter_Abuse.htm"}, {"name": "1025683", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1025683"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3140", "datePublished": "2011-08-15T21:00:00", "dateReserved": "2011-08-15T00:00:00", "dateUpdated": "2024-08-06T23:22:27.693Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:web_application_firewall:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE8818CF-D5EC-41EC-BDE1-D66831E3AF8D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:g400_ips-g400-ib-1_appliance:31.030:*:*:*:*:*:*:*", "matchCriteriaId": "E60744C8-4899-43E7-BA04-924080DFEFB8", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:gx4004_ips-gx4004-ib-2_appliance:31.030:*:*:*:*:*:*:*", "matchCriteriaId": "38240011-812B-428B-90C8-022090552038", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass intended intrusion prevention by dividing a dangerous parameter value into substrings, as demonstrated by a SQL statement that is split across multiple iid parameters and then sent to a .aspx file on an IIS web server."}, {"lang": "es", "value": "IBM Web Application Firewall, usado en el appliances G400 IPS-G400-IB-1 y GX4004 IPS-GX4004-IB-2 con actualizaci\u00f3n 31.030, no maneja adecuadamente peticiones de candenas con m\u00faltiples instancias en el mismo par\u00e1metro, lo que permite a atacantes remotos evitar las restricciones de acceso dividiendo un valor del par\u00e1metro peligroso en subcadenas, como se demostr\u00f3 en comandos SQL que son divididos en m\u00faltiples par\u00e1metros iid y despu\u00e9s enviados a ficheros .aspx sobre un servidor web IIS."}], "id": "CVE-2011-3140", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-08-15T21:55:03.283", "references": [{"source": "[email protected]", "url": "http://securityreason.com/securityalert/8339"}, {"source": "[email protected]", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1025683"}, {"source": "[email protected]", "url": "http://www.iss.net/security_center/reference/vuln/HTTP_Parameter_Abuse.htm"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/archive/1/518556/100/0/threaded"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/bid/48370"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67178"}, {"source": "[email protected]", "tags": ["Exploit"], "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-006.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8339"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1025683"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/reference/vuln/HTTP_Parameter_Abuse.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/518556/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48370"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67178"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-006.txt"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "[email protected]", "type": "Primary"}]}