VYPR
Vendor

Armorlogic

Products
2
CVEs
5
Across products
7
Status
Private

Products

2

Recent CVEs

5
  • CVE-2009-1593May 21, 2009
    risk 0.03cvss epss 0.02

    Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element.

  • CVE-2009-0468Feb 10, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown the server, (2) send ping packets, (3) enable network…

  • CVE-2009-0467Feb 10, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject arbitrary web script or HTML via the proxy parameter in a deny_log manage action.

  • CVE-2009-1745May 21, 2009
    risk 0.00cvss epss 0.02

    Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain access.

  • CVE-2009-1594May 21, 2009
    risk 0.00cvss epss 0.01

    Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site…