Search criteria
3 vulnerabilities found for appwall by radware
VAR-200907-0123
Vulnerability from variot - Updated: 2025-04-10 23:11The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/. Gateway is prone to a remote security vulnerability. Radware AppWall is a hardware Web Application Firewall (WAF). The radware AppWall firewall operates as a reverse proxy between the client and the protected web server. All HTTP requests are inspected before being forwarded to the web server. The device can be managed through a separate management page that is normally inaccessible to external users. This web page is implemented using the PHP programming language. Some functions are stored in include files and embedded when needed. Because web servers do not interpret files with the extension *.inc, users with access to the management interface can access portions of the product source code by directly requesting the included files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200907-0123",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gateway",
"scope": "eq",
"trust": 1.8,
"vendor": "radware",
"version": "4.6.0.2"
},
{
"model": "appwall",
"scope": "eq",
"trust": 1.6,
"vendor": "radware",
"version": "1.0.2.6"
},
{
"model": "appwall web application firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "radware",
"version": "1.0.2.6"
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "radware",
"version": "4.6.2"
},
{
"model": "appwall",
"scope": "eq",
"trust": 0.3,
"vendor": "radware",
"version": "1.0.26"
}
],
"sources": [
{
"db": "BID",
"id": "79455"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-039"
},
{
"db": "NVD",
"id": "CVE-2009-2301"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:radware:appwall",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:radware:gateway",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Kirchner",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200907-039"
}
],
"trust": 0.6
},
"cve": "CVE-2009-2301",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2009-2301",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-39747",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-2301",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-2301",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200907-039",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-39747",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39747"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-039"
},
{
"db": "NVD",
"id": "CVE-2009-2301"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/. Gateway is prone to a remote security vulnerability. Radware AppWall is a hardware Web Application Firewall (WAF). The radware AppWall firewall operates as a reverse proxy between the client and the protected web server. All HTTP requests are inspected before being forwarded to the web server. The device can be managed through a separate management page that is normally inaccessible to external users. This web page is implemented using the PHP programming language. Some functions are stored in include files and embedded when needed. Because web servers do not interpret files with the extension *.inc, users with access to the management interface can access portions of the product source code by directly requesting the included files",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2301"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
},
{
"db": "BID",
"id": "79455"
},
{
"db": "VULHUB",
"id": "VHN-39747"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-2301",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002657",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20090701 RADWARE APPWALL WEB APPLICATION FIREWALL: SOURCE CODE DISCLOSURE ON MANAGEMENT INTERFACE",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200907-039",
"trust": 0.6
},
{
"db": "BID",
"id": "79455",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-39747",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39747"
},
{
"db": "BID",
"id": "79455"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-039"
},
{
"db": "NVD",
"id": "CVE-2009-2301"
}
]
},
"id": "VAR-200907-0123",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-39747"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:11:15.164000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.radware.com"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.radware.co.jp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39747"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
},
{
"db": "NVD",
"id": "CVE-2009-2301"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/504682/100/0/threaded"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/archive/1/archive/1/504682/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2301"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2301"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39747"
},
{
"db": "BID",
"id": "79455"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-039"
},
{
"db": "NVD",
"id": "CVE-2009-2301"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-39747"
},
{
"db": "BID",
"id": "79455"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-039"
},
{
"db": "NVD",
"id": "CVE-2009-2301"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-39747"
},
{
"date": "2009-07-02T00:00:00",
"db": "BID",
"id": "79455"
},
{
"date": "2011-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002657"
},
{
"date": "2009-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200907-039"
},
{
"date": "2009-07-02T10:30:00.453000",
"db": "NVD",
"id": "CVE-2009-2301"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-39747"
},
{
"date": "2009-07-02T00:00:00",
"db": "BID",
"id": "79455"
},
{
"date": "2011-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002657"
},
{
"date": "2009-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200907-039"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-2301"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200907-039"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AppWall Web Application Firewall and Gateway Vulnerabilities in which source code can be read",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002657"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200907-039"
}
],
"trust": 0.6
}
}
CVE-2009-2301 (GCVE-0-2009-2301)
Vulnerability from nvd – Published: 2009-07-02 10:00 – Updated: 2024-08-07 05:44
VLAI?
Summary
The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090701 radware AppWall Web Application Firewall: Source code disclosure on management interface",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504682/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090701 radware AppWall Web Application Firewall: Source code disclosure on management interface",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504682/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090701 radware AppWall Web Application Firewall: Source code disclosure on management interface",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504682/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2301",
"datePublished": "2009-07-02T10:00:00",
"dateReserved": "2009-07-02T00:00:00",
"dateUpdated": "2024-08-07T05:44:55.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2301 (GCVE-0-2009-2301)
Vulnerability from cvelistv5 – Published: 2009-07-02 10:00 – Updated: 2024-08-07 05:44
VLAI?
Summary
The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090701 radware AppWall Web Application Firewall: Source code disclosure on management interface",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504682/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090701 radware AppWall Web Application Firewall: Source code disclosure on management interface",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504682/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090701 radware AppWall Web Application Firewall: Source code disclosure on management interface",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504682/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2301",
"datePublished": "2009-07-02T10:00:00",
"dateReserved": "2009-07-02T00:00:00",
"dateUpdated": "2024-08-07T05:44:55.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}