Lucene search

[email protected]CVE-2009-3457

HistorySep 29, 2009 - 6:00 p.m.

CVE-2009-3457

2009-09-2918:00:00

CWE-200

[email protected]

web.nvd.nist.gov

cisco

ace

xml gateway

ace waf

remote attack

sensitive information

http request

bug id

csctb82159

cve-2009-3457

nvd

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.013 Low

EPSS

Percentile

86.1%

JSON

Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159.

Affected configurations

NVD

Node

ciscoace_web_application_firewallRange≤6.0\(3\)

ciscoace_web_application_firewallMatch6.0\(0\)

ciscoace_web_application_firewallMatch6.0\(1\)

ciscoace_web_application_firewallMatch6.0\(2\)

ciscoace_xml_gatewayRange≤6.0\(3\)

ciscoace_xml_gatewayMatch6.0\(0\)

ciscoace_xml_gatewayMatch6.0\(1\)

ciscoace_xml_gatewayMatch6.0\(2\)

CPENameOperatorVersion
cisco:ace_web_application_firewallcisco ace web application firewallle6.0\(3\)
cisco:ace_web_application_firewallcisco ace web application firewalleq6.0\(0\)
cisco:ace_web_application_firewallcisco ace web application firewalleq6.0\(1\)
cisco:ace_web_application_firewallcisco ace web application firewalleq6.0\(2\)
cisco:ace_xml_gatewaycisco ace xml gatewayle6.0\(3\)
cisco:ace_xml_gatewaycisco ace xml gatewayeq6.0\(0\)
cisco:ace_xml_gatewaycisco ace xml gatewayeq6.0\(1\)
cisco:ace_xml_gatewaycisco ace xml gatewayeq6.0\(2\)

CPE	Name	Operator	Version
cisco:ace_web_application_firewall	cisco ace web application firewall	le	6.0\(3\)
cisco:ace_web_application_firewall	cisco ace web application firewall	eq	6.0\(0\)
cisco:ace_web_application_firewall	cisco ace web application firewall	eq	6.0\(1\)
cisco:ace_web_application_firewall	cisco ace web application firewall	eq	6.0\(2\)
cisco:ace_xml_gateway	cisco ace xml gateway	le	6.0\(3\)
cisco:ace_xml_gateway	cisco ace xml gateway	eq	6.0\(0\)
cisco:ace_xml_gateway	cisco ace xml gateway	eq	6.0\(1\)
cisco:ace_xml_gateway	cisco ace xml gateway	eq	6.0\(2\)

References

seclists.org/fulldisclosure/2009/Sep/0369.html

secunia.com/advisories/36879

www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt

www.cisco.com/en/US/products/products_security_response09186a0080af8965.html

www.securityfocus.com/archive/1/506716/100/0/threaded

www.securityfocus.com/bid/36522

www.securitytracker.com/id?1022949

www.vupen.com/english/advisories/2009/2778

exchange.xforce.ibmcloud.com/vulnerabilities/53482

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.013 Low

EPSS

Percentile

86.1%

JSON

Related for CVE-2009-3457

nvd1 prion1 cvelist1