Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2009-3457
Last Modified 01 Oct 2009 12:00:00
Published 29 Sep 2009 02:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-3457

Summary

Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159.

Vulnerable Systems


References

FULLDISC - 20090924 Cisco ACE XML Gateway <= 6.0 Internal IP disclosure

XF - cisco-ace-ipaddress-info-disclosure(53482)

VUPEN - ADV-2009-2778

SECTRACK - 1022949

BID - 36522

BUGTRAQ - 20090925 Cisco ACE XML Gateway <= 6.0 Internal IP disclosure

CISCO - 20090925 Unmatched Request Discloses Client Internal IP Address

MISC - http://www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt

SECUNIA - 36879


Last Updated: 27 May 2016 10:51:16