CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2009-2300

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0560%
EPSS Percentile33.63th
Published2009年7月2日
Last Modified2026年4月23日

Vulnerability Description

The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause a denial of service (resource consumption) via a crafted request.

Affected Platforms (CPE)

📦
Phion

Airlock Web Application Firewall

= 4.1-10.41

References & Advisories

🔗 http://secunia.com/advisories/35641
🔗 http://www.securityfocus.com/archive/1/504681/100/0/threaded
🔗 https://techzone.phion.com/hotfix_HF4112
🔗 http://secunia.com/advisories/35641
🔗 http://www.securityfocus.com/archive/1/504681/100/0/threaded
🔗 https://techzone.phion.com/hotfix_HF4112

相關漏洞威脅

CVE-2009-227110.0

The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and ...

CVE-2009-427310.0

stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command...

CVE-2009-049210.0

Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerabilit...

CVE-2009-093910.0

Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec confor...