ID

VAR-200907-0123


CVE

CVE-2009-2301


TITLE

AppWall Web Application Firewall and Gateway Vulnerabilities in which source code can be read

Trust: 0.8

sources: JVNDB: JVNDB-2009-002657

DESCRIPTION

The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/. Gateway is prone to a remote security vulnerability. Radware AppWall is a hardware Web Application Firewall (WAF). The radware AppWall firewall operates as a reverse proxy between the client and the protected web server: all HTTP requests are inspected before being forwarded to the web server. The device is managed through a separate management page that is normally inaccessible to external users. This web page is implemented in the PHP programming language; some functions are stored in include files and embedded when needed. Because the web server does not interpret files with the extension *.inc (it serves them as plain text rather than executing them), users with access to the management interface can read portions of the product source code by directly requesting the included files.

Trust: 1.98

sources: NVD: CVE-2009-2301 // JVNDB: JVNDB-2009-002657 // BID: 79455 // VULHUB: VHN-39747

AFFECTED PRODUCTS

vendor: radware / model: gateway / scope: eq / version: 4.6.0.2

Trust: 1.8

vendor: radware / model: appwall / scope: eq / version: 1.0.2.6

Trust: 1.6

vendor: radware / model: appwall web application firewall / scope: eq / version: 1.0.2.6

Trust: 0.8

vendor: radware / model: gateway / scope: eq / version: 4.6.2

Trust: 0.3

vendor: radware / model: appwall / scope: eq / version: 1.0.26

Trust: 0.3

sources: BID: 79455 // JVNDB: JVNDB-2009-002657 // CNNVD: CNNVD-200907-039 // NVD: CVE-2009-2301

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2301
value: HIGH

Trust: 1.0

NVD: CVE-2009-2301
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200907-039
value: HIGH

Trust: 0.6

VULHUB: VHN-39747
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-2301
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-39747
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-39747 // JVNDB: JVNDB-2009-002657 // CNNVD: CNNVD-200907-039 // NVD: CVE-2009-2301

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-39747 // JVNDB: JVNDB-2009-002657 // NVD: CVE-2009-2301

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200907-039

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200907-039

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002657

PATCH

title: Top Page / url: http://www.radware.com

Trust: 0.8

title: Top Page / url: http://www.radware.co.jp

Trust: 0.8

sources: JVNDB: JVNDB-2009-002657

EXTERNAL IDS

db: NVD / id: CVE-2009-2301

Trust: 2.8

db: JVNDB / id: JVNDB-2009-002657

Trust: 0.8

db: BUGTRAQ / id: 20090701 RADWARE APPWALL WEB APPLICATION FIREWALL: SOURCE CODE DISCLOSURE ON MANAGEMENT INTERFACE

Trust: 0.6

db: CNNVD / id: CNNVD-200907-039

Trust: 0.6

db: BID / id: 79455

Trust: 0.4

db: VULHUB / id: VHN-39747

Trust: 0.1

sources: VULHUB: VHN-39747 // BID: 79455 // JVNDB: JVNDB-2009-002657 // CNNVD: CNNVD-200907-039 // NVD: CVE-2009-2301

REFERENCES

url: http://www.securityfocus.com/archive/1/504682/100/0/threaded

Trust: 1.1

url: http://www.securityfocus.com/archive/1/archive/1/504682/100/0/threaded

Trust: 0.9

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2301

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2301

Trust: 0.8

sources: VULHUB: VHN-39747 // BID: 79455 // JVNDB: JVNDB-2009-002657 // CNNVD: CNNVD-200907-039 // NVD: CVE-2009-2301

CREDITS

Michael Kirchner

Trust: 0.6

sources: CNNVD: CNNVD-200907-039

SOURCES

db: VULHUB / id: VHN-39747
db: BID / id: 79455
db: JVNDB / id: JVNDB-2009-002657
db: CNNVD / id: CNNVD-200907-039
db: NVD / id: CVE-2009-2301

LAST UPDATE DATE

2025-04-10T23:11:15.164000+00:00


SOURCES UPDATE DATE

db: VULHUB / id: VHN-39747 / date: 2018-10-10T00:00:00
db: BID / id: 79455 / date: 2009-07-02T00:00:00
db: JVNDB / id: JVNDB-2009-002657 / date: 2011-06-07T00:00:00
db: CNNVD / id: CNNVD-200907-039 / date: 2009-07-02T00:00:00
db: NVD / id: CVE-2009-2301 / date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB / id: VHN-39747 / date: 2009-07-02T00:00:00
db: BID / id: 79455 / date: 2009-07-02T00:00:00
db: JVNDB / id: JVNDB-2009-002657 / date: 2011-06-07T00:00:00
db: CNNVD / id: CNNVD-200907-039 / date: 2009-07-02T00:00:00
db: NVD / id: CVE-2009-2301 / date: 2009-07-02T10:30:00.453