Security Advisory

CVE-2009-1594

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2009-05-21 14:00:00

Last updated 2024-08-07 05:20:34

Assigner mitre

State PUBLISHED

Description

Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL.

← Browse all CVEs View on cve.org ↗