QwikSec

Security Database

CVE

CWE

Training

CVE-2009-1594

Published: May 21, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

profense-whitelist-security-bypass(50662)

vdb-entry

x_refsource_XF

http://resources.enablesecurity.com/advisories/ES-20090500-profense.txt

x_refsource_MISC

vdb-entry

x_refsource_BID

20090520 Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.

mailing-list

x_refsource_BUGTRAQ

[websecurity] 20090519 [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2009-001 and EnableSecurity Advisory ES-20090500

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.