Vulnerability Description
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Armorlogic | Profense Web Application Firewall | <= 2.2.21 |
Related Weaknesses (CWE)
References
- http://resources.enablesecurity.com/advisories/ES-20090500-profense.txt
- http://www.securityfocus.com/archive/1/503649/100/0/threaded
- http://www.securityfocus.com/bid/35053
- http://www.webappsec.org/lists/websecurity/archive/2009-05/msg00040.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50662
- http://resources.enablesecurity.com/advisories/ES-20090500-profense.txt
- http://www.securityfocus.com/archive/1/503649/100/0/threaded
- http://www.securityfocus.com/bid/35053
- http://www.webappsec.org/lists/websecurity/archive/2009-05/msg00040.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50662
FAQ
What is CVE-2009-1594?
CVE-2009-1594 is a vulnerability with a CVSS score of 7.5 (HIGH). Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechani...
How severe is CVE-2009-1594?
CVE-2009-1594 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1594?
Check the references section above for vendor advisories and patch information. Affected products include: Armorlogic Profense Web Application Firewall.