CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-2300

The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause a denial of service (resource consumption) via a crafted request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.017

EPSS Ranking 81.7%

CVSS Severity

CVSS v2 Score 10.0

References

http://secunia.com/advisories/35641
http://www.securityfocus.com/archive/1/504681/100/0/threaded
https://techzone.phion.com/hotfix_HF4112
http://secunia.com/advisories/35641
http://www.securityfocus.com/archive/1/504681/100/0/threaded
https://techzone.phion.com/hotfix_HF4112

Products affected by CVE-2009-2300

Phion » Airlock Web Application Firewall » Version: 4.1-10.41

cpe:2.3:a:phion:airlock_web_application_firewall:4.1-10.41

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-2300

Products

Pricing

Contact Us