CVE-2009-0468

Name of the Vulnerable Software and Affected Versions Profense Web Application Firewall versions 2.6.2 through 2.6.3

Description The issue allows remote attackers to hijack the authentication of administrators for various requests, including shutting down the server, sending ping packets, enabling network services, configuring a proxy server, and modifying other settings. This is achieved via parameters in the query string.

Recommendations For versions 2.6.2 and 2.6.3, consider disabling the ajax.html functionality until a patch is available to prevent exploitation of the cross-site request forgery issue. Restrict access to the administrative interface to minimize the risk of unauthorized requests.