NEWS: YAAV (Yet Another Application Vulnerability)

Last week, Dawid Golunski revealed a new SQL injection vulnerability affecting MySQL databases (and the derived MariaDB…), recorded under CVE-2016-6662 and rated as high risk (CVSS: 7.1) because the attacker could gain root access to the vulnerable server.
Oracle, although informed on July 29th, has not yet provided a fix.

This is yet another example of a vulnerability that exposes companies’ information for months before being fixed.
Exposure also occurs with custom, in-house web applications, which may have built-in vulnerabilities whose remediation can take months or even be impossible.

What should we do in the meantime?

DenyAll’s Web Application Firewall (WAF) provides a solution that prevents such vulnerabilities from being exploited.
Our WAF is not limited to known vulnerabilities, an approach that requires frequent updates and fails to protect against new ones. We offer generic protection rules and semantic-based engines that look at the logic of the attack, whatever vulnerability may lie behind it.

Choosing a next-generation WAF is definitely the best way to avoid losing confidential information and compromising critical assets.

 

Vincent Maury, Chief Technology Officer
Vincent is our beloved Chief Technical Officer. He loves working in the security field and doing it the right way. Products and services he develops have a common #1 goal: Keeping it as simple as possible for users to secure their IT assets.