ArmorlogicCVEs & Vulnerabilities

5 CVEs affecting Armorlogic products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

profense web application firewall 10
CVE-2009-1745CRITICAL

Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain access.

21 May 2009
10.0
CVSS
CVE-2009-1594HIGH

Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL.

21 May 2009
7.5
CVSS
CVE-2009-1593MEDIUMpoc

Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element.

21 May 2009
4.3
CVSS
CVE-2009-0468MEDIUMpoc

Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown the server, (2) send ping packets, (3) enable network services, (4) configure a proxy server, and (5) modify other settings via parameters in the query string.

10 Feb 2009
6.8
CVSS
CVE-2009-0467MEDIUMpoc

Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject arbitrary web script or HTML via the proxy parameter in a deny_log manage action.

10 Feb 2009
4.3
CVSS
← PrevPage 1 / 1Next →