QwikSec

Security Database

CVE

CWE

Training

CVE-2009-2300

Published: Jul 2, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause a denial of service (resource consumption) via a crafted request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20090701 phion airlock Web Application Firewall: Remote Denial of Service via Management Interface (unauthenticated) and Command Execution

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

https://techzone.phion.com/hotfix_HF4112

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.