History: Dec 15, 2022 - 7:15 p.m.

CVE-2021-4226

2022-12-15 19:15:16
WPScan
web.nvd.nist.gov
Tags: rsfirewall, cve-2021-4226, http headers, bypass, nvd

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.3
Confidence: High

EPSS: 0.003
Percentile: 68.8%

RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented.

Affected configurations

Node: rsjoomla rsfirewall\!, Range <1.1.25, wordpress

Vendor: rsjoomla
Product: rsfirewall\!
Version: *
CPE: cpe:2.3:a:rsjoomla:rsfirewall\!:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "RSFirewall!",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.1.25"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
