CVE-2009-2300

EUVD-2009-2296
The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause a denial of service (resource consumption) via a crafted request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Affected Products (NVD)
VendorProductVersion
phionairlock_web_application_firewall
4.1-10.41
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/35641
http://www.securityfocus.com/archive/1/504681/100/0/threaded
https://techzone.phion.com/hotfix_HF4112
http://secunia.com/advisories/35641
http://www.securityfocus.com/archive/1/504681/100/0/threaded
https://techzone.phion.com/hotfix_HF4112