Security Information and Review

Collection of security information and review

Phion Airlock : Web Application Security and Vulnerability

Author : Admin

One of the famous web application firewalls is Phion Airlock. It is a web application firewall that protects applications and prevents attackers from accessing data. The Airlock web application firewall (WAF) provides a unique combination of protective mechanisms for web applications. Whether you want to observe PCI DSS, safeguard online banking or protect e-commerce applications, Airlock ensures sustained and manageable web application security.


The Phion Airlock web application firewall provides an application security gateway, which protects web applications against attacks. The product is completely independent from application or web servers, so security enforcement tasks are outsourced. Phion Airlock is a software appliance, which makes it possible to also run it in a virtualized environment. As the analysis tasks are very load intensive, dedicated hardware is recommended. Airlock is based on Sun Solaris 10 and operates as a secure reverse proxy with optional Single Sign On (SSO) authentication and access control capabilities. Airlock is designed and marketed by Phion, which started as the brainchild of three young, Wieland Alge, Klaus Gheri and Peter Marte in 2000.

Phion Airlock WAF


Airlock's secure system architecture is based on strict zone separation and multi-level filtering. Every web access request passes through the web application firewall, which verifies and validates it before transferring it to the next filter layer and finally to the web application server. Illegal requests are eliminated at every filter level.


The Airlock System Management can be administered via a separate management interface, which is normally not accessible to external users. By sending a specially crafted HTTP GET request, an attacker with access to the management interface (no authentication is needed) is able to conduct a denial of service attack. The vendor describes the vulnerability as follows:


The Airlock Configuration Center shows many system monitoring charts to check the system status and history. These images are generated on the fly by a CGI script, and the image size is part of the URL parameter. Unreasonably large values for the width and height parameters will cause excessive resource consumption. Depending on the actual load and the memory available, the system will be out-of-service for some minutes or crash completely, making a reboot necessary.
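The failure mode described above, image dimensions taken from the URL with no upper bound, is avoided by validating both parameters before any image buffer is allocated. This is an added example, not Airlock's or the vendor's code: the function names, the limits and the query-string layout are assumptions, and only the `width` and `height` parameter names come from the description.

```python
from urllib.parse import parse_qs

# Assumed limits for a monitoring chart; set them to the largest size the UI requests.
MAX_WIDTH = 2000
MAX_HEIGHT = 1200
MAX_PIXELS = 1_500_000          # budget on width * height, i.e. on buffer size
DEFAULT_SIZE = (600, 200)       # used when a parameter is absent


class BadDimension(ValueError):
    """Raised when width/height must be rejected before any rendering starts."""


def _parse_dim(raw, name, upper):
    # Plain ASCII decimal digits only: no sign, whitespace, float, hex or exponent.
    if not (raw.isascii() and raw.isdigit()) or len(raw) > 5:
        raise BadDimension(f"{name}: not a small positive integer")
    value = int(raw)
    if not 1 <= value <= upper:
        raise BadDimension(f"{name}: {value} outside 1..{upper}")
    return value


def chart_size(query_string):
    """Return a validated (width, height) for the chart, or raise BadDimension."""
    params = parse_qs(query_string, keep_blank_values=True)
    dims = []
    for name, upper, default in (("width", MAX_WIDTH, DEFAULT_SIZE[0]),
                                 ("height", MAX_HEIGHT, DEFAULT_SIZE[1])):
        values = params.get(name)
        if values is None:
            dims.append(default)
        elif len(values) != 1:   # repeated parameter is ambiguous: reject
            raise BadDimension(f"{name}: supplied {len(values)} times")
        else:
            dims.append(_parse_dim(values[0], name, upper))
    width, height = dims
    # Each side can be in range while the product still asks for too much memory.
    if width * height > MAX_PIXELS:
        raise BadDimension(f"{width}x{height} exceeds pixel budget {MAX_PIXELS}")
    return width, height


if __name__ == "__main__":
    # Constructed query strings, not taken from the advisory.
    for qs in ("width=800&height=300", "", "width=99999&height=10"):
        try:
            print(repr(qs), "->", chart_size(qs))
        except BadDimension as exc:
            print(repr(qs), "-> rejected:", exc)
```

A handler built on this would answer a rejected request with HTTP 400 and log it, since oversized chart dimensions on a management interface are worth alerting on.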



A denial of service or execution of arbitrary system commands can be accomplished by a single HTTP request if an attacker can reach the management interface IP address of the WAF. This advisory originates from can be found at

Categories: Web Application Security