CVE-2014-2595

CRITICAL

Barracuda WAF 7.8.1.013 - Auth Bypass

Title source: llm

Description

Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nick Hayes · textremotehardware

https://www.exploit-db.com/exploits/39278

View Code ZIP pw:eip

References (7)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2014/Aug/5

[Broken Link] http://www.osvdb.org/109782

[Exploit, Third Party Advisory] https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/39278

[Broken Link] https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/

[Exploit, Third Party Advisory, VDB Entry] https://www.securityfocus.com/bid/69028

Scores

CVSS v3 9.8

EPSS 0.5747

EPSS Percentile 98.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-613

Status published

Products (1)

barracuda/web_application_firewall 7.8.1.013

Published Feb 12, 2020

Tracked Since Feb 18, 2026