VAR-200909-0292
Vulnerability from variot - Updated: 2023-12-18 12:58Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159. Cisco Application Control Engine (ACE) XML Gateway is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that can aid in further attacks. This issue is being tracked by Cisco Bug CSCtb82159. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
The weakness is caused due to error messages generated as responses to unsupported HTTP requests including a client's normally hidden, internal IP address. This can be exploited to disclose the IP address of e.g. an internal load balancer via e.g. an OPTIONS HTTP request.
SOLUTION: The weakness will reportedly be fixed in system software version 6.1, expected to be available in November 2009.
Remove IP addresses from outgoing HTTP error messages by using a web proxy.
PROVIDED AND/OR DISCOVERED BY: nitr\xd8us (Alejandro Hernandez H.), CubilFelino Security Research Lab
ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20090925-axg.shtml
CubilFelino Security Research Lab: http://www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200909-0292",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ace web application firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0\\(0\\)"
},
{
"model": "ace xml gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0\\(0\\)"
},
{
"model": "ace web application firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0\\(2\\)"
},
{
"model": "ace xml gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0\\(2\\)"
},
{
"model": "ace web application firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0\\(1\\)"
},
{
"model": "ace xml gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0\\(1\\)"
},
{
"model": "ace xml gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(3\\)"
},
{
"model": "ace web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(3\\)"
},
{
"model": "ace web application firewall",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "ace xml gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "ace web application firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.0\\(3\\)"
},
{
"model": "ace xml gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.0\\(3\\)"
},
{
"model": "application control engine xml gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "application control engine web app. firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "ace xml gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "application control engine xml gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "application control engine web app. firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
}
],
"sources": [
{
"db": "BID",
"id": "36522"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003800"
},
{
"db": "NVD",
"id": "CVE-2009-3457"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-056"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ace_web_application_firewall:6.0\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ace_web_application_firewall:6.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ace_xml_gateway:6.0\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ace_xml_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0\\(3\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ace_xml_gateway:6.0\\(0\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ace_xml_gateway:6.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ace_web_application_firewall:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0\\(3\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ace_web_application_firewall:6.0\\(0\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3457"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alejandro Hernandez H. nitrousenador@gmail.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200910-056"
}
],
"trust": 0.6
},
"cve": "CVE-2009-3457",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2009-3457",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-40903",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-3457",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200910-056",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-40903",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40903"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003800"
},
{
"db": "NVD",
"id": "CVE-2009-3457"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-056"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159. Cisco Application Control Engine (ACE) XML Gateway is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that can aid in further attacks. \nThis issue is being tracked by Cisco Bug CSCtb82159. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nThe weakness is caused due to error messages generated as responses\nto unsupported HTTP requests including a client\u0027s normally hidden,\ninternal IP address. This can be exploited to disclose the IP address\nof e.g. an internal load balancer via e.g. an OPTIONS HTTP request. \n\nSOLUTION:\nThe weakness will reportedly be fixed in system software version 6.1,\nexpected to be available in November 2009. \n\nRemove IP addresses from outgoing HTTP error messages by using a web\nproxy. \n\nPROVIDED AND/OR DISCOVERED BY:\nnitr\\xd8us (Alejandro Hernandez H.), CubilFelino Security Research Lab\n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sr-20090925-axg.shtml\n\nCubilFelino Security Research Lab:\nhttp://www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3457"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003800"
},
{
"db": "BID",
"id": "36522"
},
{
"db": "VULHUB",
"id": "VHN-40903"
},
{
"db": "PACKETSTORM",
"id": "81682"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-40903",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40903"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-3457",
"trust": 2.8
},
{
"db": "BID",
"id": "36522",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "36879",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2009-2778",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1022949",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003800",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200910-056",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20090925 UNMATCHED REQUEST DISCLOSES CLIENT INTERNAL IP ADDRESS",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20090924 CISCO ACE XML GATEWAY \u003c= 6.0 INTERNAL IP DISCLOSURE",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20090925 CISCO ACE XML GATEWAY \u003c= 6.0 INTERNAL IP DISCLOSURE",
"trust": 0.6
},
{
"db": "XF",
"id": "53482",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-67014",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "10000",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-40903",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81682",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40903"
},
{
"db": "BID",
"id": "36522"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003800"
},
{
"db": "PACKETSTORM",
"id": "81682"
},
{
"db": "NVD",
"id": "CVE-2009-3457"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-056"
}
]
},
"id": "VAR-200909-0292",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-40903"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:58:35.580000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Document ID: 600",
"trust": 0.8,
"url": "http://www.cisco.com/en/us/products/csr/cisco-sr-20090925-axg.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-003800"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40903"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003800"
},
{
"db": "NVD",
"id": "CVE-2009-3457"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/36522"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/en/us/products/products_security_response09186a0080af8965.html"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2009/sep/0369.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1022949"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/36879"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/2778"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/506716/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53482"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3457"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3457"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/53482"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/506716/100/0/threaded"
},
{
"trust": 0.4,
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20090925-axg.shtml"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/ps7314/"
},
{
"trust": 0.3,
"url": "/archive/1/506716"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/36879/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40903"
},
{
"db": "BID",
"id": "36522"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003800"
},
{
"db": "PACKETSTORM",
"id": "81682"
},
{
"db": "NVD",
"id": "CVE-2009-3457"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-056"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-40903"
},
{
"db": "BID",
"id": "36522"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003800"
},
{
"db": "PACKETSTORM",
"id": "81682"
},
{
"db": "NVD",
"id": "CVE-2009-3457"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-056"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-29T00:00:00",
"db": "VULHUB",
"id": "VHN-40903"
},
{
"date": "2009-09-25T00:00:00",
"db": "BID",
"id": "36522"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-003800"
},
{
"date": "2009-09-28T05:54:18",
"db": "PACKETSTORM",
"id": "81682"
},
{
"date": "2009-09-29T18:00:00.407000",
"db": "NVD",
"id": "CVE-2009-3457"
},
{
"date": "2009-09-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-056"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-40903"
},
{
"date": "2015-04-13T21:06:00",
"db": "BID",
"id": "36522"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-003800"
},
{
"date": "2018-10-10T19:43:34.033000",
"db": "NVD",
"id": "CVE-2009-3457"
},
{
"date": "2009-10-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-056"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200910-056"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco AXG Vulnerabilities that collect important information",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-003800"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200910-056"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…