My.denyall.com

Sign In Create account

Security Advisories and Release Notes

Release Note R&S®Web Application Firewall 6.5.4 (LTS)
2019-10-18

We are pleased to announce the availability of R&S®Web Application Firewall 6.5.4 (LTS), intended for use in production. Release date: 2019-10-17. Revision: 0f9c253+b11610.

Release Note R&S®Web Application Firewall 5.5.15 (LTS)
2019-10-07

We are pleased to announce the availability of R&S®Web Application Firewall 5.5.15 (LTS), intended for use in production. Release date: 2019-10-07. Revision: 149370ab1695349924ce0e36cd50c7fd43e1c7f9.

Release Note R&S®Web Application Firewall 6.5.3 patch3 (LTS)
2019-09-30

We are pleased to announce the availability of R&S®Web Application Firewall 6.5.3 patch3 (LTS), intended for use in production. Release date: 2019-09-30. Revision: 5136bd5+b11268.

Release Note R&S®Web Application Firewall 6.5.3 patch2 (LTS)
2019-09-02

We are pleased to announce the availability of R&S®Web Application Firewall 6.5.3 patch2 (LTS), intended for use in production. Release date: 2019-09-02. Revision: 5078647+b10821.

Release Note R&S®Web Application Firewall 6.5.3 patch1 (LTS)
2019-08-22

We are pleased to announce the availability of R&S®Web Application Firewall 6.5.3 patch1 (LTS), intended for use in production. Release date: 2019-08-22. Revision: 5489985+b10656.

Release Note R&S®Web Application Firewall 6.5.0 patch4 (LTS)
2019-08-12

We are pleased to announce the availability of R&S®Web Application Firewall 6.5.0 patch4 (LTS), intended for use in production. Release date: 2019-08-12. Revision: 8fb49dd+b10612.

Security release for WAF BSU/DSU 3.32
2019-07-18

The Security update 3.32.0-ca97ac3.bsu and 3.32.0-ca97ac3.dsu for DAWAF / WAM / WSF is now available. Download it from the / Tech Support / Download / iSuite DAWAF / SECURITY UPDATES FOR LTS I-SUITE & LVS DENYALL WAF section.

Release Note R&S®Web Application Firewall 6.5.3 (LTS)
2019-07-18

We are pleased to announce the availability of R&S®Web Application Firewall 6.5.3 (LTS), intended for use in production. Release date: 2019-07-18. Revision: c0b7808+b10356.

SACK Panic
2019-06-19

New flaws on the TCP stack have been discovered on the Linux (and FreeBSD) Kernels. Researchers from Netflix have identified vulnerabilities related to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most severe vulnerability is called the "SACK Panic" that could allow a remote attacker to trigger a kernel panic in systems and so, impact the system's availability.

Release Note R&S®Web Application Firewall 6.5.2 patch3 (LTS)
2019-05-27

We are pleased to announce the availability of R&S®Web Application Firewall 6.5.2 patch3 (LTS), intended for use in production. Release date: 2019-05-27. Revision: c0417f5+b9368.

Microarchitectural Data Sampling - CVE-2018-12130, CVE-2018-12126, CVE-2018-12127 and CVE-2019-11091
2019-05-21

New microarchitectural flaws on processor have been published in May 2019. As Meltdown, Spectre and Foreshadow, these new vulnerabilities can allow a malicious user to steal sensitive data like passwords and user keys from other system programs or virtual instances. It may affects all systems using an Intel CPU

Release Note R&S®Web Application Firewall 6.5.2 patch2 (LTS)
2019-05-06

We are pleased to announce the availability of R&S®Web Application Firewall 6.5.2 patch2 (LTS), intended for use in production. Release date: 2019-05-06. Revision: 4d48e6c+b9149.

Release Note 5.5.14
2019-04-23

Release date: 23rd April 2019. Revision: 6ef08f0b21106c6d38ba8101db979048e47af588 .This version is a maintenance release of the Long Term Support (LTS) v5.5.

Security release for WAF BSU/DSU 3.31
2019-04-11

The Security update 3.31.0-6938e87.bsu and 3.31.0-6938e87.dsu for DAWAF / WAM / WSF is now available. Download it from the / Tech Support / Download / iSuite DAWAF / SECURITY UPDATES FOR LTS I-SUITE & LVS DENYALL WAF section.

Release Note R&S®Web Application Firewall 6.5.2 patch1 (LTS)
2019-04-04

We are pleased to announce the availability of R&S®Web Application Firewall 6.5.2 patch1 (LTS), intended for use in production. Release date: 2019-04-02. Revision: a27ef00+b8748.

Release Note R&S®Web Application Firewall 6.5.2 (LTS)
2019-03-06

We are pleased to announce the availability of R&S®Web Application Firewall 6.5.2 (LTS), intended for use in production. Release date: 2019-03-06. Revision: 23cdc10+b8374.

Release Note R&S®Web Application Firewall 6.5.1 (LTS)
2018-12-13

We are pleased to announce the availability of R&S®Web Application Firewall 6.5.1 (LTS), intended for use in production. Release date: 2018-12-13. Revision: 430dd93+b7378.

Security release for WAF BSU/DSU 3.30
2018-09-17

The Security update 3.30.0-990b8e6.bsu and 3.30.0-990b8e6.dsu for DAWAF / WAM / WSF is now available. Download it from the / Tech Support / Download / iSuite DAWAF / SECURITY UPDATES FOR LTS I-SUITE & LVS DENYALL WAF section.

CVE-2018-11776 - Apache Struts2 S2-057
2018-08-30

A new vulnerability was discovered in Apache Struts 2 that can lead to a possible Remote Code Execution (RCE) attack. The vulnerability is located in the core of Apache Struts. All applications that use Struts are potentially vulnerable, even when no additional plugins have been enabled.

Foreshadow attack
2018-08-28

Security researchers have discovered a speculative execution attack side-channel targeting Intel processors that can allow unauthorized programs to steal sensitive information inside the L1 data cache. The attack has been called the “Foreshadow attack”.

Splunk Application for R&S®Web Application Firewall 6.5
2018-07-16

This Splunk application is designed to work with data source from R&S®Web Application Firewall 6.5.

Release note R&S®Web Application Firewall 6.5 (LTS)
2018-05-28

We are pleased to announce the availability of R&S®Web Application Firewall 6.5 (LTS), intended for use in production. Release date: 2018-05-28. Revision: aa47ecd+b5834.

Maintenance operation
2018-05-04

A maintenance operation of the website https://my.denyall.com is scheduled this Week-end from 2018/05/05 to 2018/05/06 . The 24/7 Premium Support remains accessible. We apologize for the inconvenience. From Monday 2018/05/07, if you encounter a problem on our platform https://my.denyall.com/ please contact technical support by email or phone.

Meltdown and Spectre attacks
2018-01-10

Major vulnerabilities named Meltdown and Spectre have emerged, impacting almost all modern microprocessors.

Robot Attack vulnerability
2017-12-14

The Bleichenbacher attack is back, now named "Return Of Bleichenbacher's Oracle Threat" (ROBOT). This 19year-old vulnerability can allow an attacker to decrypt HTTPS traffic by exploiting some RSA encryption implementations.

ADVISORY: Unauthenticated Remote Code Execution sur DenyAll Web Application Firewall
2017-09-22

The vulnerability allows attackers to remotely execute Shell commands through the PHP API running on the administration interface (port 3001/tcp) of the WAF.

Release note DA WAF 6.4 (LVS)
2017-09-18

This document details changes introduced by the 6.4 version for DenyAll Web Application Firewall.

Security Research Advisory: A remote command execute (RCE) has been discovered in Apache Struts 2
2017-09-13

A remote command execute (RCE) has been discovered in Apache Struts 2, affecting versions 2.1.2 to 2.3.33 and 2.5 to 2.5.12.

CVE-2017-6919 - Drupal 8.x access bypass vulnerability
2017-04-21

A critical access bypass vulnerability has been published and fixed by the Drupal Security team on 19th April 2017. A remote attacker can retrieve an access to a Drupal 8.x web site through the RESTful Web Services module using PATCH requests.

CVE-2017-7269 - Buffer Overflow Vulnerability on IIS 6.0
2017-04-14

A buffer overflow has been discovered in the WebDAV service in Internet Information Services ISS 6.0 in Microsoft Windows Server 2003 R2. The vulnerability can lead to remote code execution (RCE) but it can only be exploited if the WebDAV service is enabled.

Release note DA WAF 6.3 (LVS)
2017-03-31

This document details changes introduced by the 6.3 version for DenyAll Web Application Firewall.

CVE-2017-5638 - Apache Struts2 S2-045: Remote Code Execution Vulnerability
2017-03-10

A serious vulnerability was discovered in Apache Struts 2, affecting versions of Apache Struts 2.3.5–2.3.31 and 2.5–2.5.10

Release notes 5.5.12
2017-02-02

Release date: february 02 2017. Revision: r37843. This version is a maintenance release of the Long Term Support (LTS) v5.5.

Release notes 5.5.11
2016-11-17

Release date: November 17 2016. Revision: r36634. This version is a maintenance release of the Long Term Support (LTS) v5.5.

Release DAWAF Security Update v5-3.26
2016-10-19

The Security update security-update-v5-3.26-36281.bsu for DAWAF / WAM / WSF is now available. Download it from the / Tech Support / Download / iSuite DAWAF / SECURITY UPDATES FOR LTS I-SUITE & LVS DENYALL WAF section.

Release note DA WAF 6.2 (LVS)
2016-10-10

This document details changes introduced by the 6.2 version for DenyAll Web Application Firewall.

OpenSSL Vulnerability - OCSP Status Request extension unbounded memory growth
2016-09-28

OpenSSL versions 1.0.2i and 1.0.1u have been published on 22th September, 2016, to correct one high, one moderate and several low vulnerabilities.Four days later, new OpenSSL versions have been immediately released to fix 2 issues introduced in version 1.0.2i and 1.1.0a.

CVE-2016-5696 - Off-Path TCP - Shared challenge ack vulnerability
2016-08-17

On 08th August, 2016, a flow has been discovered in the Linux kernel's TCP/IP implementation of the challenge ACK rate limiting (RFC 5961). A man-in-the-middle attacker could inject malicious data into unsecured TCP connections.

Release notes 5.5.10
2016-07-22

Release date: July 21 2016. Revision: r35317. This version is a maintenance release of the Long Term Support (LTS) v5.5.

rWeb / sProxy 4.2.2
2016-07-19

This document details all changes introduced in rWeb 4.2.2 version

Drupal PSA-2016-001 - Remote Code Execution
2016-07-12

On 12th July, 2016, Drupal announces three highly critical remote execution vulnerabilities on contributed modules.

Product data: latest versions

current versions: WAF v6.5.2 (LTS) | v5.5.13

WAF 5.5.13 and WAF 6.5.2 (LTS) and the accompanying Release Notes are now available for download in the Updates section (Tech Support menu).

Versions 6.5.2 (LTS) and 5.5.13 can now be downloaded . Go to Tech Support, Updates section.

Release Note R&S®Web Application Firewall 6.5.4 (LTS)2019-10-18

Release Note R&S®Web Application Firewall 5.5.15 (LTS)2019-10-07

Release Note R&S®Web Application Firewall 6.5.3 patch3 (LTS)2019-09-30

Release Note R&S®Web Application Firewall 6.5.3 patch2 (LTS)2019-09-02

Release Note R&S®Web Application Firewall 6.5.3 patch1 (LTS)2019-08-22

Release Note R&S®Web Application Firewall 6.5.0 patch4 (LTS)2019-08-12

Security release for WAF BSU/DSU 3.322019-07-18

Release Note R&S®Web Application Firewall 6.5.3 (LTS)2019-07-18

SACK Panic2019-06-19

Release Note R&S®Web Application Firewall 6.5.2 patch3 (LTS)2019-05-27

Microarchitectural Data Sampling - CVE-2018-12130, CVE-2018-12126, CVE-2018-12127 and CVE-2019-110912019-05-21

Release Note R&S®Web Application Firewall 6.5.2 patch2 (LTS)2019-05-06

Release Note 5.5.142019-04-23

Security release for WAF BSU/DSU 3.312019-04-11

Release Note R&S®Web Application Firewall 6.5.2 patch1 (LTS)2019-04-04

Release Note R&S®Web Application Firewall 6.5.2 (LTS)2019-03-06

Release Note R&S®Web Application Firewall 6.5.1 (LTS)2018-12-13

Security release for WAF BSU/DSU 3.302018-09-17

CVE-2018-11776 - Apache Struts2 S2-0572018-08-30

Foreshadow attack2018-08-28

Splunk Application for R&S®Web Application Firewall 6.52018-07-16

Release note R&S®Web Application Firewall 6.5 (LTS)2018-05-28

Maintenance operation2018-05-04

Meltdown and Spectre attacks2018-01-10

Robot Attack vulnerability2017-12-14

ADVISORY: Unauthenticated Remote Code Execution sur DenyAll Web Application Firewall2017-09-22

Release note DA WAF 6.4 (LVS)2017-09-18

Security Research Advisory: A remote command execute (RCE) has been discovered in Apache Struts 22017-09-13

CVE-2017-6919 - Drupal 8.x access bypass vulnerability2017-04-21

CVE-2017-7269 - Buffer Overflow Vulnerability on IIS 6.02017-04-14

Release note DA WAF 6.3 (LVS)2017-03-31

CVE-2017-5638 - Apache Struts2 S2-045: Remote Code Execution Vulnerability 2017-03-10

Release notes 5.5.122017-02-02

Release notes 5.5.112016-11-17

Release DAWAF Security Update v5-3.262016-10-19

Release note DA WAF 6.2 (LVS)2016-10-10

OpenSSL Vulnerability - OCSP Status Request extension unbounded memory growth2016-09-28

CVE-2016-5696 - Off-Path TCP - Shared challenge ack vulnerability2016-08-17

Release notes 5.5.102016-07-22

rWeb / sProxy 4.2.22016-07-19

Drupal PSA-2016-001 - Remote Code Execution2016-07-12