Published: 21/05/2009 Updated: 10/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Armorlogic Profense Web Application Firewall prior to 2.2.22, and 2.4.x prior to 2.4.4, does not properly implement the "negative model," which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element.

Vulnerable Product	Search on Vulmon	Subscribe to Product
armorlogic profense web application firewall 2.4
armorlogic profense web application firewall

source: wwwsecurityfocuscom/bid/35053/info Profense Web Application Firewall is prone to multiple security-bypass vulnerabilities An attacker can exploit these issues to bypass certain security restrictions and perform various web-application attacks Versions *prior to* the following are vulnerable: Profense 244 Profense 2222 h ...

CWE-79 http://resources.enablesecurity.com/advisories/ES-20090500-profense.txt http://www.webappsec.org/lists/websecurity/archive/2009-05/msg00040.html http://www.securityfocus.com/bid/35053 https://exchange.xforce.ibmcloud.com/vulnerabilities/50663 http://www.securityfocus.com/archive/1/503649/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/33002/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-1593

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect