CVE-2009-2299 - OpenCVE

The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Http Server
Hyperguard Web Application Firewall Project	Hyperguard Web Application Firewall

Configuration 1 [-]

AND

OR	cpe:2.3:a:hyperguard_web_application_firewall_project:hyperguard_web_application_firewall::::::::
	cpe:2.3:a:hyperguard_web_application_firewall_project:hyperguard_web_application_firewall::::::::
	cpe:2.3:a:hyperguard_web_application_firewall_project:hyperguard_web_application_firewall::::::::

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/35645
http://www.h4ck1nb3rg.at/wafs/advisory_artofdefence_hyperguard_200907.txt
http://www.securityfocus.com/archive/1/504680/100/0/threaded

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-07-02T10:00:00

Updated: 2024-08-07T05:44:55.895Z

Reserved: 2009-07-02T00:00:00

Link: CVE-2009-2299

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2009-07-02T10:30:00.407

Modified: 2020-11-16T20:48:00.137

Link: CVE-2009-2299

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-07-01T00:00:00", "descriptions": [{"lang": "en", "value": "The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.h4ck1nb3rg.at/wafs/advisory_artofdefence_hyperguard_200907.txt"}, {"name": "20090701 Artofdefence Hyperguard Web Application Firewall: Remote Denial of Service", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/504680/100/0/threaded"}, {"name": "35645", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35645"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2299", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.h4ck1nb3rg.at/wafs/advisory_artofdefence_hyperguard_200907.txt", "refsource": "MISC", "url": "http://www.h4ck1nb3rg.at/wafs/advisory_artofdefence_hyperguard_200907.txt"}, {"name": "20090701 Artofdefence Hyperguard Web Application Firewall: Remote Denial of Service", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/504680/100/0/threaded"}, {"name": "35645", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35645"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:44:55.895Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.h4ck1nb3rg.at/wafs/advisory_artofdefence_hyperguard_200907.txt"}, {"name": "20090701 Artofdefence Hyperguard Web Application Firewall: Remote Denial of Service", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/504680/100/0/threaded"}, {"name": "35645", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35645"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2299", "datePublished": "2009-07-02T10:00:00", "dateReserved": "2009-07-02T00:00:00", "dateUpdated": "2024-08-07T05:44:55.895Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hyperguard_web_application_firewall_project:hyperguard_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "1807EA11-DBA6-4364-899B-F62D6DE88057", "versionEndExcluding": "2.5.5-11635", "vulnerable": true}, {"criteria": "cpe:2.3:a:hyperguard_web_application_firewall_project:hyperguard_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AD94D69-DD65-4C4B-A0D9-BAE8B4461869", "versionEndExcluding": "3.0.3-11636", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hyperguard_web_application_firewall_project:hyperguard_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "78A4B7DB-F76E-422F-B6FD-23560E828BAF", "versionEndExcluding": "3.1.1-11637", "versionStartIncluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A6CD1F4-4C0E-4989-A2B3-DC086E8E80A3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data."}, {"lang": "es", "value": "Artofdefence Hyperguard Web Application Firewall (WAF) m\u00f3dulo anterior a v2.5.5-11635, v3.0 anterior a v3.0.3-11636, y v3.1 anteriores a v3.1.1-11637, un m\u00f3dulo para el Apache HTTP Server, permite a loa atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de una petici\u00f3n HTTP con un valor largo Content-Length pero no datos POST."}], "id": "CVE-2009-2299", "lastModified": "2020-11-16T20:48:00.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-07-02T10:30:00.407", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35645"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.h4ck1nb3rg.at/wafs/advisory_artofdefence_hyperguard_200907.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/504680/100/0/threaded"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}