← Back

Profense Web Application Firewall

profense_web_application_firewall

Vendor: Armorlogic • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2009-1745
1Armorlogic
1Profense Web Application Firewall
Apr 23, 2026
May 21, 2009
N/A· v4
N/A· v3
10.0 HIGH· v2
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain...Show more
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain access.Show less
CVE-2009-1594
1Armorlogic
1Profense Web Application Firewall
Apr 23, 2026
May 21, 2009
N/A· v4
N/A· v3
7.5 HIGH· v2
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A (encod...Show more
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL.Show less
CVE-2009-1593
1Armorlogic
1Profense Web Application Firewall
Apr 23, 2026
May 21, 2009
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modi...Show more
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element.Show less
CVE-2009-0468
1Armorlogic
1Profense Web Application Firewall
Apr 23, 2026
Feb 10, 2009
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shu...Show more
Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown the server, (2) send ping packets, (3) enable network services, (4) configure a proxy server, and (5) modify other settings via parameters in the query string.Show less
CVE-2009-0467
1Armorlogic
1Profense Web Application Firewall
Apr 23, 2026
Feb 10, 2009
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject arbitrary web script or HTML via the proxy parameter in a deny_log manage acti...Show more
Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject arbitrary web script or HTML via the proxy parameter in a deny_log manage action.Show less