1 +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
2 −+
3 | ....... |
4 | ..’’xxxxxxxxxxxxxxx’... |
5 | ..’xxxxxxxxxxxxxxxxxxxxxxxxxxx.. |
6 | ..’xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx’. |
7 | .’xxxxxxxxxxxxxxxxxxxxxxxxxxxx’’’.......’. |
8 | .’xxxxxxxxxxxxxxxxxxxxx’’...... ... .. |
9 | .xxxxxxxxxxxxxxxxxx’... ........ .’. |
10 | ’xxxxxxxxxxxxxxx’...... ’. |
11 | ’xxxxxxxxxxxxxx’..’x.. .x. |
12 | .xxxxxxxxxxxx’...’.. ... .’ |
13 | ’xxxxxxxxx’.. . .. .x. |
14 | xxxxxxx’. .. x. |
15 | xxxx’. .... x x. |
16 | ’x’. ...’xxxxxxx’. x .x. |
17 | .x’. .’xxxxxxxxxxxxxx. ’’ .’ |
18 | .xx. .’xxxxxxxxxxxxxxxx. .’xx’’’. .’ |
19 | .xx.. ’xxxxxxxxxxxxxxxx’ .’xxxxxxxxx’’. |
20 | .’xx’. .’xxxxxxxxxxxxxxx. ..’xxxxxxxxxxxx’ |
21 | .xxx’. .xxxxxxxxxxxx’. .’xxxxxxxxxxxxxx’. |
22 | .xxxx’.’xxxxxxxxx’. xxx’xxxxxxxxxx’. |
23 | .’xxxxxxx’.... ...xxxxxxx’. |
24 | ..’xxxxx’.. ..xxxxx’.. |
25 | ....’xx’.....’’’’... |
26 | |
27 | CubilFelino Security Research Lab |
28 | proudly presents... |
29 +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
30 −+
31
32 Vulnerability Information
33 =======================================
34 Product: Cisco ACE XML Gateway <= 6.0
35 Vulnerabily: Internal IP Address Disclosure
36 Vendor: Cisco Systems, Inc. http://www.cisco.com
37 Product URL: http://www.cisco.com/en/US/products/ps7314/
38 Author: nitrØus [ Alejandro Hernandez H. ]
39 Discovery Date: 24/Aug/2009
40 Attack Vector: Remote
41 CVSS v2 Base Score: 5 (Medium) [ AV:N/AC:L/Au:N/C:P/I:N/A:N ]
42 Class: I think, it’s a Design problem on the error messages’ handling
43
44 Product Information
45 =======================================
46 The Cisco ACE XML Gateway is a key component of the Cisco Application Control
47 Engine (ACE) family of products. It brings application intelligence into the
48 network and enables efficient deployment of secure, reliable, and accelerated
49 Web service environments based on XML (Extensible Markup Language) and SOAP
50 (Simple Object Access Protocol) using a shared network inf