what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

radware AppWall Source Disclosure

radware AppWall Source Disclosure
Posted Jul 1, 2009
Authored by Michael Kirchner, Lukas Nothdurfter, Wolfgang Neudorfer

The radware AppWall Web Application Firewall suffers from a source code disclosure vulnerability on the management interface. Gateway version 4.6.0.2 and AppWall version 1.0.2.6 are affected.

tags | advisory, web, info disclosure
SHA-256 | ebbeea0950171e622c7bc542b1f4ad855b5faa91b899e0552ab2e02824b79374

radware AppWall Source Disclosure

Change Mirror Download

Security Advisory
---------------------------------------
Vulnerable Software: radware AppWall Web Application Firewall
Vulnerable Version: Gateway Version 4.6.0.2 / AppWall Version
1.0.2.6
Homepage: http://www.radware.com/
Found by: Michael Kirchner, Wolfgang Neudorfer,
Lukas Nothdurfter (Team h4ck!nb3rg)
Impact: Source code disclosure on management interface


Product Description
---------------------------------------
Radware's AppWall is a Web application firewall (WAF) appliance that
secures Web applications. It enables PCI compliance by mitigating Web
application security threats and vulnerabilities to prevent data theft
and manipulation of sensitive corporate and customer information.
AppWall incorporates advanced, patent-protected Web application security
filtering technologies to seamlessly detect threats, block attacks and
report events.
[Source:
http://www.radware.com/Products/ApplicationDelivery/AppWall/default.aspx
]


Vulnerability Description
---------------------------------------
The radware AppWall Web Application Firewall operates as a reverse proxy
between the clients and the web server to be protected. All HTTP
requests are checked before being forwarded to the web server. The
system can be administered via a seperate management interface which is
normally not accessible for external users. The web interface is
realised using the PHP programming language. Some of the functionality
is stored in include files and embedded when needed. The files have a
*.inc extension and are not interpreted by the web server. A
user/attacker with access to the web management interface can therefore
access parts of the product source code by requesting the included files
directly.


Proof of Conept
---------------------------------------
The following example requests reveal product source code enabling an
attacker to search for further implementation vulnerabilities:
https://appwall/Management/funcs.inc
https://appwall/Management/defines.inc
https://appwall/Management/msg.inc


Vulnerable Versions
---------------------------------------
The tested version was Gateway Version 4.6.0.2 / AppWall Version
1.0.2.6. Prior versions are also likely to be vulnerable.


Patch
---------------------------------------
Currently we are not aware of any patch or update available.


Contact Timeline
---------------------------------------
2009-06-01: Vendor informed
2009-06-15: No response yet. Vendor contacted again.
2009-06-15: Initial vendor reply (Support ticket opened)
2009-07-01: No response yet as far as the vulnerability is concerned.
Public release


Further information
---------------------------------------
Information about the web application firewall project this advisory
originates from can be found at:
http://www.h4ck1nb3rg.at/wafs/

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close