TWSL2011-006: IBM Web Application Firewall Bypass

The SpiderLabs team at Trustwave published a new advisory today, which details an issue identified in the IBM Web Application Firewall (WAF). The IBM Web Application Firewall capabilities, inside IBM IPS products, complement IBM Security's portfolio of web application security offerings to deliver end-to-end Web application security solutions. The issue in question was discovered while a penetration test was being performed for a Trustwave client.

The bypass was discovered by Wendel Guglielmetti Henrique, who is a member of the SpiderLabs Network Penetration Testing team. Wendel discovered a method which allowed him to bypass the IBM WAF and perform a SQL injection attack on a vulnerble web server. IBM was very responsive in creating a fix to this issue, and has released a correction in the June "Super Tuesday" patch release.

For further details, please view the full advisory at the following address:

https://www.trustwave.com/spiderlabs/advisories/TWSL2011-006.txt

Additionally, further information can also be viewed in the following links:

http://www.iss.net/security_center/reference/vuln/HTTP_Parameter_Abuse.htm http://xforce.iss.net/xforce/xfdb/67178

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.