Cisco Security Response

Unmatched Request Discloses Client Internal IP Address

Document ID: 600

http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20090925-axg

Revision 1.0

For Public Release 2009 September 25 16:00 UTC (GMT)


Contents

Response
Additional Information
Status of this Notice: Final
Revision History
Cisco Security Procedures

Cisco Response

This is the Cisco PSIRT response to the statements made by Alejandro Hernandez H. in his advisory: "Cisco ACE XML Gateway <= 6.0 Internal IP disclosure".

The original email/advisory is available at http://seclists.org/fulldisclosure/2009/Sep/0369.html

Cisco would like to thank Alejandro Hernandez H. for discovering and reporting this vulnerability to Cisco.

This response is posted at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20090925-axg

Additional Information

This vulnerability is documented in Cisco bug ID: CSCtb82159 (registered customers only).

For customers without access to Cisco's Bug Toolkit, the full Release Note for Cisco Bug ID CSCtb82159 has been made available here, as follows:

Symptom

When generating a "Message-handling Errors" message, if an appropriate error handler is not found, the response discloses the internal IP address of the client of the Cisco ACE XML Gateway (AXG) and the Cisco ACE Web Application Firewall (WAF).

Conditions

All versions prior to system software version 6.1 are vulnerable.

This vulnerability affects the Cisco ACE XML Gateway and the Cisco ACE Web Application Firewall.

Though the response by itself does not provide any way to compromise the device, this behavior discloses potentially valuable information about the internal network structure.

The disclosed address is not the address of the AXG or WAF; it is an address of its client, which in many cases is a load balancer.

The internal IP address is included in the message-handling errors response if the AXG or WAF was not able to find a matching handler for the request.
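
An audit check for this class of disclosure, added here as an example and not taken from Cisco's release note: it scans captured response bodies for non-routable IPv4 addresses so an operator can confirm whether error responses leaving the perimeter carry an internal address. The function names and the sample bodies are assumptions; the samples are constructed and do not reproduce the actual AXG or WAF error format.

```python
import ipaddress
import re

# Dotted-quad candidates that are not a fragment of a longer dotted number
# (so "1.10.0.0.5" is ignored) but may be followed by sentence punctuation.
_CANDIDATE = re.compile(r"(?<!\d)(?<!\d\.)(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

# Explicit ranges instead of IPv4Address.is_private, which also flags
# documentation ranges and has changed between Python releases.
INTERNAL_NETS = tuple(ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",                                   # RFC 6598 shared space
    "169.254.0.0/16",                                  # link-local
))


def internal_addresses(body):
    """Return the distinct internal IPv4 addresses in body, in order seen."""
    found = []
    for match in _CANDIDATE.finditer(body):
        try:
            addr = ipaddress.IPv4Address(match.group())
        except ValueError:  # octet > 255 or leading zeros: not an address
            continue
        if any(addr in net for net in INTERNAL_NETS) and str(addr) not in found:
            found.append(str(addr))
    return found


def audit(responses):
    """Map label -> leaked addresses for every (label, body) that leaks."""
    report = {}
    for label, body in responses:
        leaked = internal_addresses(body)
        if leaked:
            report[label] = leaked
    return report


# Constructed sample bodies (hypothetical wording, for illustration only).
SAMPLE = [
    ("unmatched-request", "No handler matched the request from 10.20.30.40."),
    ("version-string", "<result>version 6.1.0.12</result>"),
    ("public-client", "client 203.0.113.9 denied"),
    ("several", "peer 192.168.1.5 via 192.168.1.5 and 172.31.255.1; not 172.32.0.1"),
]

if __name__ == "__main__":
    for label, addrs in audit(SAMPLE).items():
        print(label, addrs)
```
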

Workaround

There is currently no workaround for this vulnerability.

Further Problem Description

System software version 6.1 is expected to be available in November 2009.

Status of this Notice: Final

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A stand-alone copy or paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.


Revision History

Revision 1.0

2009-September-25

Initial public release

Cisco Security Procedures

Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.

