Security release for WAF Blacklist 1.2 (2020-05-25) 2020-05-26
The Security update Blacklist 2020-05-25 for R&S®Web Application Firewall and rWeb is now available.
Download it from the "/ Tech Support / Download / iSuite DAWAF / SECURITY UPDATES FOR LTS I-SUITE & LVS DENYALL WAF" and "Tech Support / Download / rWeb / SECURITY UPDATES FOR PROTECT & DAOS" sections.
We are pleased to announce the availability of R&S®Web Application Firewall 6.5.6 (LTS), intended for use in production. Release date: 2020-05-18. Revision: 9710e08+b15342
Security release for WAF BSU/DSU 3.34.0 2020-04-23
The Security update 3.34.0-f967cce.bsu and 3.34.0-f967cce.dsu for DAWAF / WAM / WSF is now available. Download it from the / Tech Support / Download / iSuite DAWAF / SECURITY UPDATES FOR LTS I-SUITE & LVS DENYALL WAF section.
We are pleased to announce the availability of R&S®Web Application Firewall 6.5.5 patch1 (LTS), intended for use in production. Release date: 2020-03-18. Revision: f792aa5+b14398.
We are pleased to announce the availability of R&S®Web Application Firewall 6.5.5 (LTS), intended for use in production. Release date: 2020-02-18. Revision: 37be352-b13898
Security release for WAF Scoringlist 2019-11-06 2020-01-07
The Security update Scoringlist 2019-11-06 for R&S®WAF and rWeb is now available.
Download it from the "Tech Support / Download / rWeb / SECURITY UPDATES FOR PROTECT & DAOS" sections.
Security release for WAF BSU/DSU 3.33 2020-01-07
The Security update 3.33.0-fea3f0e.bsu and 3.33.0-fea3f0e.dsu for DAWAF / WAM / WSF is now available. Download it from the / Tech Support / Download / iSuite DAWAF / SECURITY UPDATES FOR LTS I-SUITE & LVS DENYALL WAF section.
We are pleased to announce the availability of R&S®Web Application Firewall 6.5.4 patch1 (LTS), intended for use in production. Release date: 2019-11-26. Revision: ec313b6+b12172
Security release for WAF Blacklist 2019-11-06 2019-11-21
The Security update Blacklist 2019-11-06 for R&S®WAF and rWeb is now available.
Download it from the "/ Tech Support / Download / iSuite DAWAF / SECURITY UPDATES FOR LTS I-SUITE & LVS DENYALL WAF" and "Tech Support / Download / rWeb / SECURITY UPDATES FOR PROTECT & DAOS" sections.
We are pleased to announce the availability of R&S®Web Application Firewall 6.5.4 (LTS), intended for use in production. Release date: 2019-10-17. Revision: 0f9c253+b11610.
We are pleased to announce the availability of R&S®Web Application Firewall 5.5.15 (LTS), intended for use in production. Release date: 2019-10-07. Revision: 149370ab1695349924ce0e36cd50c7fd43e1c7f9.
We are pleased to announce the availability of R&S®Web Application Firewall 6.5.3 patch3 (LTS), intended for use in production. Release date: 2019-09-30. Revision: 5136bd5+b11268.
We are pleased to announce the availability of R&S®Web Application Firewall 6.5.3 patch2 (LTS), intended for use in production. Release date: 2019-09-02. Revision: 5078647+b10821.
We are pleased to announce the availability of R&S®Web Application Firewall 6.5.3 patch1 (LTS), intended for use in production. Release date: 2019-08-22. Revision: 5489985+b10656.
We are pleased to announce the availability of R&S®Web Application Firewall 6.5.0 patch4 (LTS), intended for use in production. Release date: 2019-08-12. Revision: 8fb49dd+b10612.
Security release for WAF BSU/DSU 3.32 2019-07-18
The Security update 3.32.0-ca97ac3.bsu and 3.32.0-ca97ac3.dsu for DAWAF / WAM / WSF is now available. Download it from the / Tech Support / Download / iSuite DAWAF / SECURITY UPDATES FOR LTS I-SUITE & LVS DENYALL WAF section.
We are pleased to announce the availability of R&S®Web Application Firewall 6.5.3 (LTS), intended for use in production. Release date: 2019-07-18. Revision: c0b7808+b10356.
SACK Panic 2019-06-19
New flaws on the TCP stack have been discovered on the Linux (and FreeBSD) Kernels. Researchers from Netflix have identified vulnerabilities related to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most severe vulnerability is called the "SACK Panic" that could allow a remote attacker to trigger a kernel panic in systems and so, impact the system's availability.
We are pleased to announce the availability of R&S®Web Application Firewall 6.5.2 patch3 (LTS), intended for use in production. Release date: 2019-05-27. Revision: c0417f5+b9368.
Microarchitectural Data Sampling - CVE-2018-12130, CVE-2018-12126, CVE-2018-12127 and CVE-2019-11091 2019-05-21
New microarchitectural flaws on processor have been published in May 2019. As Meltdown, Spectre and Foreshadow, these new vulnerabilities can allow a malicious user to steal sensitive data like passwords and user keys from other system programs or virtual instances. It may affects all systems using an Intel CPU
We are pleased to announce the availability of R&S®Web Application Firewall 6.5.2 patch2 (LTS), intended for use in production. Release date: 2019-05-06. Revision: 4d48e6c+b9149.
Release Note 5.5.14 2019-04-23
Release date: 23rd April 2019. Revision: 6ef08f0b21106c6d38ba8101db979048e47af588 .This version is a maintenance release of the Long Term Support (LTS) v5.5.
Security release for WAF BSU/DSU 3.31 2019-04-11
The Security update 3.31.0-6938e87.bsu and 3.31.0-6938e87.dsu for DAWAF / WAM / WSF is now available. Download it from the / Tech Support / Download / iSuite DAWAF / SECURITY UPDATES FOR LTS I-SUITE & LVS DENYALL WAF section.
We are pleased to announce the availability of R&S®Web Application Firewall 6.5.2 patch1 (LTS), intended for use in production. Release date: 2019-04-02. Revision: a27ef00+b8748.
We are pleased to announce the availability of R&S®Web Application Firewall 6.5.2 (LTS), intended for use in production. Release date: 2019-03-06. Revision: 23cdc10+b8374.
We are pleased to announce the availability of R&S®Web Application Firewall 6.5.1 (LTS), intended for use in production. Release date: 2018-12-13. Revision: 430dd93+b7378.
Security release for WAF BSU/DSU 3.30 2018-09-17
The Security update 3.30.0-990b8e6.bsu and 3.30.0-990b8e6.dsu for DAWAF / WAM / WSF is now available. Download it from the / Tech Support / Download / iSuite DAWAF / SECURITY UPDATES FOR LTS I-SUITE & LVS DENYALL WAF section.
CVE-2018-11776 - Apache Struts2 S2-057 2018-08-30
A new vulnerability was discovered in Apache Struts 2 that can lead to a possible Remote Code Execution (RCE) attack. The vulnerability is located in the core of Apache Struts. All applications that use Struts are potentially vulnerable, even when no additional plugins have been enabled.
Foreshadow attack 2018-08-28
Security researchers have discovered a speculative execution attack side-channel targeting Intel processors that can allow unauthorized programs to steal sensitive information inside the L1 data cache. The attack has been called the “Foreshadow attack”.
Splunk Application for R&S®Web Application Firewall 6.5 2018-07-16
This Splunk application is designed to work with data source from R&S®Web Application Firewall 6.5.
We are pleased to announce the availability of R&S®Web Application Firewall 6.5 (LTS), intended for use in production. Release date: 2018-05-28. Revision: aa47ecd+b5834.
Maintenance operation 2018-05-04
A maintenance operation of the website https://my.denyall.com is scheduled this Week-end from 2018/05/05 to 2018/05/06 . The 24/7 Premium Support remains accessible. We apologize for the inconvenience. From Monday 2018/05/07, if you encounter a problem on our platform https://my.denyall.com/ please contact technical support by email or phone.
Meltdown and Spectre attacks 2018-01-10
Major vulnerabilities named Meltdown and Spectre have emerged, impacting almost all modern microprocessors.
Robot Attack vulnerability 2017-12-14
The Bleichenbacher attack is back, now named "Return Of Bleichenbacher's Oracle Threat" (ROBOT). This 19year-old
vulnerability can allow an attacker to decrypt HTTPS traffic by exploiting some RSA encryption implementations.
ADVISORY: Unauthenticated Remote Code Execution sur DenyAll Web Application Firewall 2017-09-22
The vulnerability allows attackers to remotely execute Shell commands through the PHP API running on the administration interface (port 3001/tcp) of the WAF.
Release note DA WAF 6.4 (LVS) 2017-09-18
This document details changes introduced by the 6.4 version for DenyAll Web Application Firewall.
Security Research Advisory: A remote command execute (RCE) has been discovered in Apache Struts 2 2017-09-13
A remote command execute (RCE) has been discovered in Apache Struts 2, affecting versions 2.1.2 to 2.3.33 and 2.5 to 2.5.12.
A critical access bypass vulnerability has been published and fixed by the Drupal Security team on 19th April 2017. A remote attacker can retrieve an access to a Drupal 8.x web site through the RESTful Web Services module using PATCH requests.
CVE-2017-7269 - Buffer Overflow Vulnerability on IIS 6.0 2017-04-14
A buffer overflow has been discovered in the WebDAV service in Internet Information Services ISS 6.0 in Microsoft Windows Server 2003 R2. The vulnerability can lead to remote code execution (RCE) but it can only be exploited if the WebDAV service is enabled.
Release note DA WAF 6.3 (LVS) 2017-03-31
This document details changes introduced by the 6.3 version for DenyAll Web Application Firewall.
A serious vulnerability was discovered in Apache Struts 2, affecting versions of Apache Struts 2.3.5–2.3.31 and 2.5–2.5.10
Release notes 5.5.12 2017-02-02
Release date: february 02 2017. Revision: r37843. This version is a maintenance release of the Long Term Support (LTS) v5.5.
Release notes 5.5.11 2016-11-17
Release date: November 17 2016. Revision: r36634. This version is a maintenance release of the Long Term Support (LTS) v5.5.
Release DAWAF Security Update v5-3.26 2016-10-19
The Security update security-update-v5-3.26-36281.bsu for DAWAF / WAM / WSF is now available. Download it from the / Tech Support / Download / iSuite DAWAF / SECURITY UPDATES FOR LTS I-SUITE & LVS DENYALL WAF section.
Release note DA WAF 6.2 (LVS) 2016-10-10
This document details changes introduced by the 6.2 version for DenyAll Web Application Firewall.
OpenSSL versions 1.0.2i and 1.0.1u have been published on 22th September, 2016, to correct one high, one moderate and several low vulnerabilities.Four days later, new OpenSSL versions have been immediately released to fix 2 issues introduced in version 1.0.2i and 1.1.0a.
On 08th August, 2016, a flow has been discovered in the Linux kernel's TCP/IP implementation of the challenge ACK rate limiting (RFC 5961). A man-in-the-middle attacker could inject malicious data into unsecured TCP connections.
Release notes 5.5.10 2016-07-22
Release date: July 21 2016. Revision: r35317. This version is a maintenance release of the Long Term Support (LTS) v5.5.
rWeb / sProxy 4.2.2 2016-07-19
This document details all changes introduced in rWeb 4.2.2 version
