SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2009-3457

Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Reference:

SECTRACK-1022949

http://seclists.org/fulldisclosure/2009/Sep/0369.html

http://www.securityfocus.com/archive/1/506716/100/0/threaded

http://www.cisco.com/en/US/products/products_security_response09186a0080af8965.html

BID-36522

SECUNIA-36879

ADV-2009-2778

cisco-ace-ipaddress-info-disclosure(53482)

http://www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt


30479



423868



248268



909



195051



282