CVE-2009-2300

Name of the Vulnerable Software and Affected Versions phion airlock Web Application Firewall (WAF) versions 4.1 through 10.41

Description The management interface in the phion airlock Web Application Firewall (WAF) does not properly handle CGI requests with large width and height parameters for an image. This allows remote attackers to execute arbitrary commands or cause a denial of service due to resource consumption via a crafted request.

Recommendations For versions 4.1 through 10.41, consider restricting access to the management interface to minimize the risk of exploitation. As a temporary workaround, avoid using the width and height parameters in image requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.