Armorlogic Profense Web Application Firewall prior to 2.2.22, and 2.4.x prior to 2.4.4, does not properly implement the "positive model," which allows remote malicious users to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
armorlogic profense web application firewall 2.4 |
||
armorlogic profense web application firewall |