Lucene search

[email protected]CVE-2009-0467

HistoryFeb 10, 2009 - 7:00 a.m.

CVE-2009-0467

2009-02-1007:00:24

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-0467

cross-site scripting

xss

profense web application firewall

security vulnerability

proxy parameter

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.4%

JSON

Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject arbitrary web script or HTML via the proxy parameter in a deny_log manage action.

Affected configurations

NVD

Node

armorlogicprofense_web_application_firewallMatch2.6.2

armorlogicprofense_web_application_firewallMatch2.6.3

CPENameOperatorVersion
armorlogic:profense_web_application_firewallarmorlogic profense web application firewalleq2.6.2
armorlogic:profense_web_application_firewallarmorlogic profense web application firewalleq2.6.3

CPE	Name	Operator	Version
armorlogic:profense_web_application_firewall	armorlogic profense web application firewall	eq	2.6.2
armorlogic:profense_web_application_firewall	armorlogic profense web application firewall	eq	2.6.3

References

osvdb.org/51659

secunia.com/advisories/33739

www.securityfocus.com/bid/33523

www.exploit-db.com/exploits/7919

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.4%

JSON

Related for CVE-2009-0467

cvelist1 nvd1 prion1