Details of VAR-200905-0168

ID

VAR-200905-0168

CVE

CVE-2009-1594

TITLE

Armorlogic Profense Web Application Firewall Vulnerabilities that bypass specific protection mechanisms

Trust: 0.8

sources: JVNDB: JVNDB-2009-003400

DESCRIPTION

Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL. Profense Web Application Firewall is prone to multiple security-bypass vulnerabilities. An attacker can exploit these issues to bypass certain security restrictions and perform various web-application attacks. Versions *prior to* the following are vulnerable: Profense 2.4.4 Profense 2.2.22. Remote attackers can include modified SCRIPT element end tags or % in URL requests

Trust: 1.98

sources: NVD: CVE-2009-1594 // JVNDB: JVNDB-2009-003400 // BID: 35053 // VULHUB: VHN-39040

AFFECTED PRODUCTS

vendor:	armorlogic	model:	profense web application firewall	scope:	eq	version:	2.4	Trust: 1.6
vendor:	armorlogic	model:	profense web application firewall	scope:	lte	version:	2.2.21	Trust: 1.0
vendor:	armorlogic	model:	profense web application firewall	scope:	lt	version:	2.2.22	Trust: 0.8
vendor:	armorlogic	model:	profense web application firewall	scope:	eq	version:	2.2.21	Trust: 0.6
vendor:	armorlogic	model:	profense	scope:	eq	version:	2.4.2	Trust: 0.3
vendor:	armorlogic	model:	profense	scope:	eq	version:	2.2.20	Trust: 0.3
vendor:	armorlogic	model:	profense	scope:	ne	version:	2.4.4	Trust: 0.3
vendor:	armorlogic	model:	profense	scope:	ne	version:	2.2.22	Trust: 0.3

sources: BID: 35053 // JVNDB: JVNDB-2009-003400 // CNNVD: CNNVD-200905-262 // NVD: CVE-2009-1594

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-1594
value:	HIGH
Trust: 1.0
NVD:	CVE-2009-1594
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200905-262
value:	HIGH
Trust: 0.6
VULHUB:	VHN-39040
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2009-1594
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-39040
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-39040 // JVNDB: JVNDB-2009-003400 // CNNVD: CNNVD-200905-262 // NVD: CVE-2009-1594

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-39040 // JVNDB: JVNDB-2009-003400 // NVD: CVE-2009-1594

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200905-262

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200905-262

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003400

PATCH

title:

Top Page

url:

http://www.armorlogic.com/

Trust: 0.8

sources: JVNDB: JVNDB-2009-003400

EXTERNAL IDS

db:	NVD	id:	CVE-2009-1594	Trust: 2.8
db:	BID	id:	35053	Trust: 2.0
db:	JVNDB	id:	JVNDB-2009-003400	Trust: 0.8
db:	MLIST	id:	[WEBSECURITY] 20090519 [WEB SECURITY] TRUSTWAVE'S SPIDERLABS SECURITY ADVISORY TWSL2009-001 AND ENABLESECURITY ADVISORY ES-20090500	Trust: 0.6
db:	BUGTRAQ	id:	20090520 ARMORLOGIC PROFENSE WEB APPLICATION FIREWALL 2.4 MULTIPLE VULNERABILITIES.	Trust: 0.6
db:	XF	id:	50662	Trust: 0.6
db:	CNNVD	id:	CNNVD-200905-262	Trust: 0.6
db:	VULHUB	id:	VHN-39040	Trust: 0.1

sources: VULHUB: VHN-39040 // BID: 35053 // JVNDB: JVNDB-2009-003400 // CNNVD: CNNVD-200905-262 // NVD: CVE-2009-1594

REFERENCES

url:	http://www.securityfocus.com/bid/35053	Trust: 1.7
url:	http://resources.enablesecurity.com/advisories/es-20090500-profense.txt	Trust: 1.7
url:	http://www.webappsec.org/lists/websecurity/archive/2009-05/msg00040.html	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/503649/100/0/threaded	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/50662	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1594	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1594	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/50662	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/503649/100/0/threaded	Trust: 0.6
url:	http://www.armorlogic.com/index.html	Trust: 0.3
url:	/archive/1/503649	Trust: 0.3

sources: VULHUB: VHN-39040 // BID: 35053 // JVNDB: JVNDB-2009-003400 // CNNVD: CNNVD-200905-262 // NVD: CVE-2009-1594

CREDITS

Sandro GauciWendel Guglielmetti Henrique

Trust: 0.6

sources: CNNVD: CNNVD-200905-262

SOURCES

db:	VULHUB	id:	VHN-39040
db:	BID	id:	35053
db:	JVNDB	id:	JVNDB-2009-003400
db:	CNNVD	id:	CNNVD-200905-262
db:	NVD	id:	CVE-2009-1594

LAST UPDATE DATE

2025-04-10T23:09:20.681000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-39040	date:	2018-10-10T00:00:00
db:	BID	id:	35053	date:	2009-05-21T20:50:00
db:	JVNDB	id:	JVNDB-2009-003400	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200905-262	date:	2009-05-23T00:00:00
db:	NVD	id:	CVE-2009-1594	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-39040	date:	2009-05-21T00:00:00
db:	BID	id:	35053	date:	2009-05-20T00:00:00
db:	JVNDB	id:	JVNDB-2009-003400	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200905-262	date:	2009-05-21T00:00:00
db:	NVD	id:	CVE-2009-1594	date:	2009-05-21T14:30:00.467