PT-2002-1280 · Nortel · Nortel Alteon Acedirector Webos
Published: 2002-05-16 · Updated: 2008-09-11 · CVE-2002-0209
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Nortel Alteon ACEdirector WebOS version 9.0
Description
The issue allows remote attackers to determine the real IP address of a web server by means of a half-closed session. It occurs when the Server Load Balancing (SLB) and Cookie-Based Persistence features are enabled: in that state ACEdirector sends packets from the server without changing the address to the virtual IP address.
Recommendations
For Nortel Alteon ACEdirector WebOS version 9.0, consider disabling the Cookie-Based Persistence feature as a temporary workaround to minimize the risk of exploitation. Restrict access to the Server Load Balancing (SLB) feature until a fix is available.
Affected Products
Nortel Alteon Acedirector Webos