5

CVE-2009-3457

Exploit

EPSS 9.4%
Veröffentlicht 29.09.2009 18:00:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Ace Web Application Firewall Version <= 6.0\(3\)

Cisco ≫ Ace Xml Gateway Version <= 6.0\(3\)

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.4%	0.92

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://seclists.org/fulldisclosure/2009/Sep/0369.html

Patch

Exploit

http://secunia.com/advisories/36879

http://www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt

Exploit

http://www.cisco.com/en/US/products/products_security_response09186a0080af8965.html

http://www.securityfocus.com/archive/1/506716/100/0/threaded

http://www.securityfocus.com/bid/36522

http://www.securitytracker.com/id?1022949

http://www.vupen.com/english/advisories/2009/2778

https://exchange.xforce.ibmcloud.com/vulnerabilities/53482

https://nvd.nist.gov/vuln/detail/CVE-2009-3457

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-3457

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-3457

EUVD