IP Disclosure Vulnerability in Cisco ACE XML Gateway and Web Application Firewall
CVE-2009-3457
Key Information:
- Vendor: Cisco
- CVE Published: 29 September 2009
What is CVE-2009-3457?
The Cisco ACE XML Gateway and ACE Web Application Firewall before version 6.1 are susceptible to a vulnerability that allows remote attackers to extract sensitive internal IP address information. This situation can occur when an HTTP request lacks a proper handler, such as an OPTIONS request or a specially crafted GET request. The resulting error messages may inadvertently disclose the client's intranet IP address, potentially exposing the network to further attacks. This issue emphasizes the importance of securing application request handling.

EPSS Score
15% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved