CVE Record: CVE-2009-2300

Required CVE Record Information

Description

The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause a denial of service (resource consumption) via a crafted request.

Product Status

Learn more

Information not provided

References 3 Total

securityfocus.com: 20090701 phion airlock Web Application Firewall: Remote Denial of Service via Management Interface (unauthenticated) and Command Execution
external site
mailing-list
secunia.com: 35641
external site
third-party-advisory
https://techzone.phion.com/hotfix_HF4112
external site

Updated: 2024-08-07

This container includes required additional information provided by the CVE Program for this vulnerability.

References 3 Total

securityfocus.com: 20090701 phion airlock Web Application Firewall: Remote Denial of Service via Management Interface (unauthenticated) and Command Execution
external site
mailing-listx_transferred
secunia.com: 35641
external site
third-party-advisoryx_transferred
https://techzone.phion.com/hotfix_HF4112
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: MITRE Corporation

Description

Product Status

References 3 Total

CVE Program

References 3 Total