Sign-up

ID

VAR-200909-0292


CVE

CVE-2009-3457


TITLE

Cisco AXG Vulnerabilities that collect important information

Trust: 0.8

sources: JVNDB: JVNDB-2009-003800

DESCRIPTION

Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159. Cisco Application Control Engine (ACE) XML Gateway is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that can aid in further attacks. This issue is being tracked by Cisco Bug CSCtb82159. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. The weakness is caused due to error messages generated as responses to unsupported HTTP requests including a client's normally hidden, internal IP address. This can be exploited to disclose the IP address of e.g. an internal load balancer via e.g. an OPTIONS HTTP request. SOLUTION: The weakness will reportedly be fixed in system software version 6.1, expected to be available in November 2009. Remove IP addresses from outgoing HTTP error messages by using a web proxy. PROVIDED AND/OR DISCOVERED BY: nitr\xd8us (Alejandro Hernandez H.), CubilFelino Security Research Lab ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20090925-axg.shtml CubilFelino Security Research Lab: http://www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2009-3457 // JVNDB: JVNDB-2009-003800 // BID: 36522 // VULHUB: VHN-40903 // PACKETSTORM: 81682

AFFECTED PRODUCTS

vendor:ciscomodel:ace xml gatewayscope:eqversion:6.0\(0\)

Trust: 1.6

vendor:ciscomodel:ace web application firewallscope:eqversion:6.0\(1\)

Trust: 1.6

vendor:ciscomodel:ace xml gatewayscope:eqversion:6.0\(2\)

Trust: 1.6

vendor:ciscomodel:ace xml gatewayscope:eqversion:6.0\(1\)

Trust: 1.6

vendor:ciscomodel:ace web application firewallscope:eqversion:6.0\(0\)

Trust: 1.6

vendor:ciscomodel:ace web application firewallscope:eqversion:6.0\(2\)

Trust: 1.6

vendor:ciscomodel:ace web application firewallscope:lteversion:6.0\(3\)

Trust: 1.0

vendor:ciscomodel:ace xml gatewayscope:lteversion:6.0\(3\)

Trust: 1.0

vendor:ciscomodel:ace web application firewallscope:ltversion:6.1

Trust: 0.8

vendor:ciscomodel:ace xml gatewayscope:ltversion:6.1

Trust: 0.8

vendor:ciscomodel:ace web application firewallscope:eqversion:6.0\(3\)

Trust: 0.6

vendor:ciscomodel:ace xml gatewayscope:eqversion:6.0\(3\)

Trust: 0.6

vendor:ciscomodel:application control engine xml gatewayscope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:application control engine web app. firewallscope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:ace xml gatewayscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:application control engine xml gatewayscope:neversion:6.1

Trust: 0.3

vendor:ciscomodel:application control engine web app. firewallscope:neversion:6.1

Trust: 0.3

sources: BID: 36522 // JVNDB: JVNDB-2009-003800 // CNNVD: CNNVD-200910-056 // NVD: CVE-2009-3457

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-3457
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-3457
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200910-056
value: MEDIUM

Trust: 0.6

VULHUB: VHN-40903
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-3457
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-40903
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-40903 // JVNDB: JVNDB-2009-003800 // CNNVD: CNNVD-200910-056 // NVD: CVE-2009-3457

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-40903 // JVNDB: JVNDB-2009-003800 // NVD: CVE-2009-3457

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200910-056

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200910-056

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-003800

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-40903

PATCH
title:Document ID: 600url:http://www.cisco.com/en/US/products/csr/cisco-sr-20090925-axg.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-003800

EXTERNAL IDS
db:NVDid:CVE-2009-3457
Trust: 2.8
db:BIDid:36522
Trust: 2.0
db:SECUNIAid:36879
Trust: 1.8
db:VUPENid:ADV-2009-2778
Trust: 1.7
db:SECTRACKid:1022949
Trust: 1.7
db:JVNDBid:JVNDB-2009-003800
Trust: 0.8
db:CNNVDid:CNNVD-200910-056
Trust: 0.7
db:CISCOid:20090925 UNMATCHED REQUEST DISCLOSES CLIENT INTERNAL IP ADDRESS
Trust: 0.6
db:FULLDISCid:20090924 CISCO ACE XML GATEWAY <= 6.0 INTERNAL IP DISCLOSURE
Trust: 0.6
db:BUGTRAQid:20090925 CISCO ACE XML GATEWAY <= 6.0 INTERNAL IP DISCLOSURE
Trust: 0.6
db:XFid:53482
Trust: 0.6
db:SEEBUGid:SSVID-67014
Trust: 0.1
db:EXPLOIT-DBid:10000
Trust: 0.1
db:VULHUBid:VHN-40903
Trust: 0.1
db:PACKETSTORMid:81682
Trust: 0.1
sources:
            
            
            VULHUB: VHN-40903 // 
            
            
            
            BID: 36522 // 
            
            
            
            JVNDB: JVNDB-2009-003800 // 
            
            
            
            PACKETSTORM: 81682 // 
            
            
            
            CNNVD: CNNVD-200910-056 // 
            
            
            
            NVD: CVE-2009-3457

REFERENCES
url:http://www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt
Trust: 2.1
url:http://www.securityfocus.com/bid/36522
Trust: 1.7
url:http://www.cisco.com/en/us/products/products_security_response09186a0080af8965.html
Trust: 1.7
url:http://seclists.org/fulldisclosure/2009/sep/0369.html
Trust: 1.7
url:http://www.securitytracker.com/id?1022949
Trust: 1.7
url:http://secunia.com/advisories/36879
Trust: 1.7
url:http://www.vupen.com/english/advisories/2009/2778
Trust: 1.7
url:http://www.securityfocus.com/archive/1/506716/100/0/threaded
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/53482
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3457
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3457
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/53482
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/506716/100/0/threaded
Trust: 0.6
url:http://www.cisco.com/warp/public/707/cisco-sr-20090925-axg.shtml
Trust: 0.4
url:http://www.cisco.com/en/us/products/ps7314/
Trust: 0.3
url:/archive/1/506716
Trust: 0.3
url:http://secunia.com/advisories/36879/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/business_solutions/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-40903 // 
            
            
            
            BID: 36522 // 
            
            
            
            JVNDB: JVNDB-2009-003800 // 
            
            
            
            PACKETSTORM: 81682 // 
            
            
            
            CNNVD: CNNVD-200910-056 // 
            
            
            
            NVD: CVE-2009-3457

CREDITS
Alejandro Hernandez H. nitrousenador@gmail.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200910-056

SOURCES
db:VULHUBid:VHN-40903
db:BIDid:36522
db:JVNDBid:JVNDB-2009-003800
db:PACKETSTORMid:81682
db:CNNVDid:CNNVD-200910-056
db:NVDid:CVE-2009-3457

LAST UPDATE DATE
2024-11-23T22:14:31.214000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-40903date:2018-10-10T00:00:00
db:BIDid:36522date:2015-04-13T21:06:00
db:JVNDBid:JVNDB-2009-003800date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200910-056date:2009-10-01T00:00:00
db:NVDid:CVE-2009-3457date:2024-11-21T01:07:24.033

SOURCES RELEASE DATE
db:VULHUBid:VHN-40903date:2009-09-29T00:00:00
db:BIDid:36522date:2009-09-25T00:00:00
db:JVNDBid:JVNDB-2009-003800date:2012-06-26T00:00:00
db:PACKETSTORMid:81682date:2009-09-28T05:54:18
db:CNNVDid:CNNVD-200910-056date:2009-09-29T00:00:00
db:NVDid:CVE-2009-3457date:2009-09-29T18:00:00.407