IP Disclosure Vulnerability in Cisco ACE XML Gateway and Web Application Firewall
CVE-2009-3457

Currently unrated

Key Information:

Vendor
Cisco
CVE Published:
29 September 2009

Summary

The Cisco ACE XML Gateway and ACE Web Application Firewall before version 6.1 are susceptible to a vulnerability that allows remote attackers to extract sensitive internal IP address information. The disclosure occurs when an HTTP request lacks a proper handler, such as an OPTIONS request or a specially crafted GET request. The resulting error messages may inadvertently disclose the client's intranet IP address, potentially exposing the network to further attacks. This issue emphasizes the importance of securing application request handling.

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved