Lucene search
MitreCVE-2009-1594HistoryMay 21, 2009 - 2:30 p.m.
CVE-2009-1594
2009-05-2114:30:00
CWE-264
mitre
web.nvd.nist.gov
24
armorlogic
profense
web application firewall
vulnerability
cve-2009-1594
security
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
5.9
Confidence
High
EPSS
0.005
Percentile
76.7%
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the “positive model,” which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL.
Affected configurations
Node
armorlogicprofense_web_application_firewallRange≤2.2.21
ORarmorlogicprofense_web_application_firewallMatch2.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| armorlogic | profense_web_application_firewall | * | cpe:2.3:a:armorlogic:profense_web_application_firewall:*:*:*:*:*:*:*:* |
| armorlogic | profense_web_application_firewall | 2.4 | cpe:2.3:a:armorlogic:profense_web_application_firewall:2.4:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2009-1594
2009-05-21 14:00:00
prion
prion
Cross site scripting
2009-05-21 14:30:00
nvd
nvd
CVE-2009-1594
2009-05-21 14:30:00
securityvulns
securityvulns
Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.
2009-05-21 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
5.9
Confidence
High
EPSS
0.005
Percentile
76.7%
Related for CVE-2009-1594