CVE-2009-1594

Name of the Vulnerable Software and Affected Versions: Armorlogic Profense Web Application Firewall versions before 2.2.22 Armorlogic Profense Web Application Firewall versions 2.4.x before 2.4.4

Description: The issue allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline) in a URL, such as in a cross-site scripting (XSS) attack. This is due to the improper implementation of the "positive model".

Recommendations: For versions before 2.2.22, update to version 2.2.22 or later to resolve the issue. For versions 2.4.x before 2.4.4, update to version 2.4.4 or later to resolve the issue.