Unrated severityNVD Advisory· Published Feb 10, 2009· Updated Apr 23, 2026

CVE-2009-0468

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown the server, (2) send ping packets, (3) enable network services, (4) configure a proxy server, and (5) modify other settings via parameters in the query string.

Affected products

Armorlogic/Profense Web Application Firewall2 versions
cpe:2.3:a:armorlogic:profense_web_application_firewall:2.6.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:armorlogic:profense_web_application_firewall:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:armorlogic:profense_web_application_firewall:2.6.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/33523nvdExploit
secunia.com/advisories/33739nvdVendor Advisory
osvdb.org/51660nvd
www.exploit-db.com/exploits/7919nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000