Cisco Bug: CSCtb82159 - Unmatched Request Discloses Client Internal IP Address
Feb 22, 2017
- Cisco ACE XML Gateways
- Cisco ACE XML Gateway
Known Affected Releases
Symptom: When generating a "Message-handling Errors" message, if an appropriate error handler is not found, the response discloses the internal IP address of the Cisco ACE XML Gateway (AXG) or Cisco ACE Web Application Firewall (WAF) client.

Conditions: All versions prior to system software version 6.1 are vulnerable. This vulnerability affects the Cisco ACE XML Gateway and the Cisco ACE Web Application Firewall. Though the response by itself does not provide any way to compromise the device, this behavior discloses potentially valuable information about the internal network structure. The disclosed address is not the address of the AXG or WAF; it is an address of its client, which in many cases is a load balancer. The internal IP address is included in the message-handling errors response if the AXG or WAF was not able to find a matching handler for the request.

Workaround: None

Further Problem Description: System software version 6.1 is expected to be available in November 2009.
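A regression check for this class of disclosure, as an added example that is not Cisco's code: it scans an error response body for RFC 1918 addresses so a test suite or response filter can flag the leak. The sample body is constructed and does not reproduce the actual AXG/WAF error format; `internal_addresses` and `SAMPLE_ERROR_BODY` are hypothetical names.

```python
import ipaddress
import re

# RFC 1918 ranges only, listed explicitly so the result does not depend on
# how a given Python version defines IPv4Address.is_private.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quad that is not part of a longer dotted number (e.g. a
# five-component build string), but may be followed by a sentence period.
_IPV4 = re.compile(r"(?<!\d)(?<!\d\.)(\d{1,3}(?:\.\d{1,3}){3})(?!\d|\.\d)")

# Constructed sample; not the actual AXG/WAF error format.
SAMPLE_ERROR_BODY = (
    "<error><reason>No matching handler for request</reason>"
    "<client>10.20.30.40</client><build>1.2.3.4.5</build></error>"
)


def internal_addresses(body):
    """Return the RFC 1918 addresses in body, in order, without duplicates."""
    found = []
    for match in _IPV4.finditer(body):
        try:
            addr = ipaddress.IPv4Address(match.group(1))
        except ipaddress.AddressValueError:
            continue  # not a valid address, e.g. an octet above 255
        if any(addr in net for net in RFC1918) and str(addr) not in found:
            found.append(str(addr))
    return found


if __name__ == "__main__":
    leaked = internal_addresses(SAMPLE_ERROR_BODY)
    print("internal addresses in response:", leaked or "none")
```

Run it against the body of every error response returned for a request that matches no handler; a non-empty result means the response still exposes an internal address.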