CyberSec.Space Logo
Back to CVE Browser

CVE-2009-2300

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0560%
EPSS Percentile33.63th
PublishedJul 2, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause a denial of service (resource consumption) via a crafted request.

Affected Platforms (CPE)

πŸ“¦
Phion

Airlock Web Application Firewall

= 4.1-10.41

References & Advisories

πŸ”— http://secunia.com/advisories/35641
πŸ”— http://www.securityfocus.com/archive/1/504681/100/0/threaded
πŸ”— https://techzone.phion.com/hotfix_HF4112
πŸ”— http://secunia.com/advisories/35641
πŸ”— http://www.securityfocus.com/archive/1/504681/100/0/threaded
πŸ”— https://techzone.phion.com/hotfix_HF4112

Related Vulnerabilities

CVE-2009-306910.0

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of...

CVE-2009-307010.0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a deni...

CVE-2009-307210.0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird be...

CVE-2009-307310.0

Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial...