Lucene search

MitreCVE-2009-0468

HistoryFeb 10, 2009 - 7:00 a.m.

CVE-2009-0468

2009-02-1007:00:24

CWE-352

mitre

web.nvd.nist.gov

csrf

vulnerability

profense

2.6.2

2.6.3

ajax

security

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.003

Percentile

69.8%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown the server, (2) send ping packets, (3) enable network services, (4) configure a proxy server, and (5) modify other settings via parameters in the query string.

Affected configurations

Nvd

Node

armorlogicprofense_web_application_firewallMatch2.6.2

armorlogicprofense_web_application_firewallMatch2.6.3

VendorProductVersionCPE
armorlogicprofense_web_application_firewall2.6.2cpe:2.3:a:armorlogic:profense_web_application_firewall:2.6.2:*:*:*:*:*:*:*
armorlogicprofense_web_application_firewall2.6.3cpe:2.3:a:armorlogic:profense_web_application_firewall:2.6.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
armorlogic	profense_web_application_firewall	2.6.2	cpe:2.3:a:armorlogic:profense_web_application_firewall:2.6.2:::::::*
armorlogic	profense_web_application_firewall	2.6.3	cpe:2.3:a:armorlogic:profense_web_application_firewall:2.6.3:::::::*

References

osvdb.org/51660

secunia.com/advisories/33739

www.securityfocus.com/bid/33523

www.exploit-db.com/exploits/7919

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.003

Percentile

69.8%

JSON

Related for CVE-2009-0468