Armorlogic Profense Web Application Firewall vulnerabilities
5 known vulnerabilities affecting armorlogic/profense_web_application_firewall.
Total CVEs: 5
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 3
Vulnerabilities
CVE-2009-1745 | P3 | CRITICAL | CVSS 10.0 | CWE-255 | ≤ 2.2.21, v2.4 | 2009-05-21
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain access.
nvd
CVE-2009-0468 | P4 | MEDIUM | CVSS 6.8 | CWE-352 | PoC | v2.6.2, v2.6.3 | 2009-02-10
Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down the server, (2) send ping packets, (3) enable network services, (4) configure a proxy server, and (5) modify other settings via
nvd
CVE-2009-1593 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | PoC | ≤ 2.2.21, v2.4 | 2009-05-21
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element.
nvd
CVE-2009-0467 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | PoC | v2.6.2, v2.6.3 | 2009-02-10
Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject arbitrary web script or HTML via the proxy parameter in a deny_log manage action.
nvd
CVE-2009-1594 | P4 | HIGH | CVSS 7.5 | CWE-264 | ≤ 2.2.21, v2.4 | 2009-05-21
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL.
nvd