
Nitrøus

Researcher at CubilFelino Security Research Lab
#49097 of 53,634
5 CVSS total
Vulnerabilities · 1
PT-2009-5751
5.0
2009-09-29
Cisco · Cisco Ace Web Application Firewall · CVE-2009-3457
**Name of the Vulnerable Software and Affected Versions**

Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) versions prior to 6.1

**Description**

The issue allows remote attackers to obtain sensitive information via an HTTP request that lacks a handler. This can be demonstrated by an OPTIONS request or a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address.

**Recommendations**

For versions prior to 6.1, update to version 6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP endpoints that handle OPTIONS and GET requests until a patch is available.