Preview Tool

Cisco Bug: CSCtb82159 - Unmatched Request Discloses Client Internal IP Address

Last Modified

Feb 22, 2017

Products (2)

  • Cisco ACE XML Gateways
  • Cisco ACE XML Gateway

Known Affected Releases


Description (partial)


When generating a "Message-handling Errors" message, if an appropriate error
handler is not found the response discloses the Cisco ACE XML Gateway (AXG) and
the Cisco ACE Web Application Firewall (WAF) client internal IP address.


All versions prior to system software version 6.1 are vulnerable.

This vulnerability affects the Cisco ACE XML Gateway and the Cisco ACE Web
Application Firewall.  

Though the response by itself does not provide any way to compromise the
device, this behavior discloses potentially valuable information about the
internal network structure.

The disclosed address is not the address of the AXG or WAF, it is an address of
its client, which in many cases is a load balancer.  The Internal IP address is
included in the message-handling errors response if AXG or WAF was not able to
find a matching handler for the request. 



Further Problem Description

System software version 6.1 is expected to be available in November 2009.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.