Unrated severityNVD Advisory· Published Sep 29, 2009· Updated Jun 16, 2026
CVE-2009-3457
CVE-2009-3457
Description
Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:h:cisco:ace_web_application_firewall:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:h:cisco:ace_web_application_firewall:*:*:*:*:*:*:*:*range: <=6.0\(3\)
- cpe:2.3:h:cisco:ace_web_application_firewall:6.0\(0\):*:*:*:*:*:*:*
- cpe:2.3:h:cisco:ace_web_application_firewall:6.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:h:cisco:ace_web_application_firewall:6.0\(2\):*:*:*:*:*:*:*
- (no CPE)range: <6.1
cpe:2.3:h:cisco:ace_xml_gateway:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:h:cisco:ace_xml_gateway:*:*:*:*:*:*:*:*range: <=6.0\(3\)
- cpe:2.3:h:cisco:ace_xml_gateway:6.0\(0\):*:*:*:*:*:*:*
- cpe:2.3:h:cisco:ace_xml_gateway:6.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:h:cisco:ace_xml_gateway:6.0\(2\):*:*:*:*:*:*:*
- (no CPE)range: <6.1
Patches
Vulnerability mechanics
References
9- seclists.org/fulldisclosure/2009/Sep/0369.htmlnvdExploitPatch
- www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txtnvdExploit
- secunia.com/advisories/36879nvd
- www.cisco.com/en/US/products/products_security_response09186a0080af8965.htmlnvd
- www.securityfocus.com/archive/1/506716/100/0/threadednvd
- www.securityfocus.com/bid/36522nvd
- www.securitytracker.com/idnvd
- www.vupen.com/english/advisories/2009/2778nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/53482nvd
News mentions
0No linked articles in our index yet.