Vulnerability Description
Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | ACE Web Application Firewall | <= 6.0(3) |
| Cisco | ACE XML Gateway | <= 6.0(3) |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2009/Sep/0369.html (Exploit, Patch)
- http://secunia.com/advisories/36879
- http://www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt (Exploit)
- http://www.cisco.com/en/US/products/products_security_response09186a0080af8965.h
- http://www.securityfocus.com/archive/1/506716/100/0/threaded
- http://www.securityfocus.com/bid/36522
- http://www.securitytracker.com/id?1022949
- http://www.vupen.com/english/advisories/2009/2778
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53482
FAQ
What is CVE-2009-3457?
CVE-2009-3457 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an...
How severe is CVE-2009-3457?
CVE-2009-3457 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-3457?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco ACE Web Application Firewall, Cisco ACE XML Gateway.