VAR-200907-0123
Vulnerability from variot - Updated: 2023-12-18 12:39The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/. Gateway is prone to a remote security vulnerability. Radware AppWall is a hardware Web Application Firewall (WAF). The radware AppWall firewall operates as a reverse proxy between the client and the protected web server. All HTTP requests are inspected before being forwarded to the web server. The device can be managed through a separate management page that is normally inaccessible to external users. This web page is implemented using the PHP programming language. Some functions are stored in include files and embedded when needed. Because web servers do not interpret files with the extension *.inc, users with access to the management interface can access portions of the product source code by directly requesting the included files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200907-0123",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gateway",
"scope": "eq",
"trust": 1.8,
"vendor": "radware",
"version": "4.6.0.2"
},
{
"model": "appwall",
"scope": "eq",
"trust": 1.6,
"vendor": "radware",
"version": "1.0.2.6"
},
{
"model": "appwall web application firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "radware",
"version": "1.0.2.6"
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "radware",
"version": "4.6.2"
},
{
"model": "appwall",
"scope": "eq",
"trust": 0.3,
"vendor": "radware",
"version": "1.0.26"
}
],
"sources": [
{
"db": "BID",
"id": "79455"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
},
{
"db": "NVD",
"id": "CVE-2009-2301"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-039"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:radware:appwall:1.0.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:radware:gateway:4.6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2301"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Kirchner",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200907-039"
}
],
"trust": 0.6
},
"cve": "CVE-2009-2301",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2009-2301",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-39747",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-2301",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200907-039",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-39747",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39747"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
},
{
"db": "NVD",
"id": "CVE-2009-2301"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-039"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/. Gateway is prone to a remote security vulnerability. Radware AppWall is a hardware Web Application Firewall (WAF). The radware AppWall firewall operates as a reverse proxy between the client and the protected web server. All HTTP requests are inspected before being forwarded to the web server. The device can be managed through a separate management page that is normally inaccessible to external users. This web page is implemented using the PHP programming language. Some functions are stored in include files and embedded when needed. Because web servers do not interpret files with the extension *.inc, users with access to the management interface can access portions of the product source code by directly requesting the included files",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2301"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
},
{
"db": "BID",
"id": "79455"
},
{
"db": "VULHUB",
"id": "VHN-39747"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-2301",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002657",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20090701 RADWARE APPWALL WEB APPLICATION FIREWALL: SOURCE CODE DISCLOSURE ON MANAGEMENT INTERFACE",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200907-039",
"trust": 0.6
},
{
"db": "BID",
"id": "79455",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-39747",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39747"
},
{
"db": "BID",
"id": "79455"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
},
{
"db": "NVD",
"id": "CVE-2009-2301"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-039"
}
]
},
"id": "VAR-200907-0123",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-39747"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:39:16.866000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.radware.com"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.radware.co.jp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39747"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
},
{
"db": "NVD",
"id": "CVE-2009-2301"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/504682/100/0/threaded"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/archive/1/archive/1/504682/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2301"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2301"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39747"
},
{
"db": "BID",
"id": "79455"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
},
{
"db": "NVD",
"id": "CVE-2009-2301"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-039"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-39747"
},
{
"db": "BID",
"id": "79455"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
},
{
"db": "NVD",
"id": "CVE-2009-2301"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-039"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-39747"
},
{
"date": "2009-07-02T00:00:00",
"db": "BID",
"id": "79455"
},
{
"date": "2011-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002657"
},
{
"date": "2009-07-02T10:30:00.453000",
"db": "NVD",
"id": "CVE-2009-2301"
},
{
"date": "2009-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200907-039"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-39747"
},
{
"date": "2009-07-02T00:00:00",
"db": "BID",
"id": "79455"
},
{
"date": "2011-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002657"
},
{
"date": "2018-10-10T19:39:34.227000",
"db": "NVD",
"id": "CVE-2009-2301"
},
{
"date": "2009-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200907-039"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200907-039"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AppWall Web Application Firewall and Gateway Vulnerabilities in which source code can be read",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200907-039"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…