HTTP content scanning systems full-width/half-width Unicode encoding bypass

2007-05-14T00:00:00
ID VU:739224
Type cert
Reporter CERT
Modified 2009-04-22T00:00:00

Description

Overview

Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic. This may allow malicious HTTP traffic to bypass content scanning systems.

Description

Full-width and half-width encoding is a technique for encoding Unicode characters. Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded HTTP traffic. By sending specially crafted HTTP traffic to a vulnerable content scanning system, an attacker may be able to bypass that content scanning system.
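
The following Python example is added here for illustration and is not part of the original note or any vendor's code. It contrasts a scanner that matches signatures after percent-decoding only with one that first folds characters from the Halfwidth and Fullwidth Forms block (U+FF00 to U+FFEF) using NFKC normalization. The signature list, sample request targets and function names are hypothetical, and it assumes the variant characters arrive as percent-encoded UTF-8.

```python
import unicodedata
from urllib.parse import quote, unquote

# Hypothetical signature list for this example.
SIGNATURES = ("forbidden",)


def naive_scan(raw_target):
    """Percent-decode only, then match signatures (no width folding)."""
    decoded = unquote(raw_target).lower()
    return [s for s in SIGNATURES if s in decoded]


def width_variants(text):
    """Characters from the Halfwidth and Fullwidth Forms block, U+FF00..U+FFEF."""
    return [c for c in text if 0xFF00 <= ord(c) <= 0xFFEF]


def normalized_scan(raw_target):
    """Percent-decode, fold width variants with NFKC, then match signatures."""
    decoded = unquote(raw_target)
    # NFKC maps fullwidth ASCII variants (U+FF01..U+FF5E) to ASCII 0x21..0x7E.
    folded = unicodedata.normalize("NFKC", decoded).lower()
    return {
        "matches": [s for s in SIGNATURES if s in folded],
        # A non-zero count in a request target is worth logging on its own.
        "width_variants_seen": len(width_variants(decoded)),
        "folded": folded,
    }


# Constructed samples: the same query in ASCII and in fullwidth letters,
# the latter percent-encoded as UTF-8 the way it would appear on the wire.
ASCII_SAMPLE = "/search?q=forbidden"
FULLWIDTH_SAMPLE = "/search?q=" + quote(
    "\uff46\uff4f\uff52\uff42\uff49\uff44\uff44\uff45\uff4e"
)

if __name__ == "__main__":
    for target in (ASCII_SAMPLE, FULLWIDTH_SAMPLE):
        print(target)
        print("  naive     :", naive_scan(target))
        print("  normalized:", normalized_scan(target))
```

NFKC also folds compatibility characters outside this block, so a scanner should apply the same normalization the protected server applies rather than assume NFKC is an exact match.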


Impact

A remote, unauthenticated attacker may be able to bypass HTTP content scanning systems.


Solution

Check with your vendor

Refer to the Systems Affected section of this document for information about specific vendors regarding this issue.


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
3com, Inc.| | 16 Apr 2007| 17 May 2007
Cisco Systems, Inc.| | 16 Apr 2007| 15 May 2007
Internet Security Systems, Inc.| | 16 Apr 2007| 16 May 2007
McAfee| | 16 Apr 2007| 23 May 2007
Novell, Inc.| | 16 Apr 2007| 07 Sep 2007
Secure Computing Network Security Division| | 16 Apr 2007| 01 Aug 2007
Stonesoft| | 16 Apr 2007| 22 May 2007
TippingPoint, Technologies, Inc.| | 16 Apr 2007| 17 May 2007
Apple Computer, Inc.| | 16 Apr 2007| 24 Apr 2007
EMC, Inc. (formerly Data General Corporation)| | 16 Apr 2007| 23 May 2007
Enterasys Networks| | 16 Apr 2007| 29 Aug 2007
Extreme Networks| | 16 Apr 2007| 22 Apr 2009
F5 Networks, Inc.| | 16 Apr 2007| 19 Jun 2007
Force10 Networks, Inc.| | 16 Apr 2007| 17 May 2007
Hewlett-Packard Company| | 16 Apr 2007| 18 Apr 2007

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <http://www.gamasec.net/english/gs07-01.html>
  • <http://www.unicode.org/charts/PDF/UFF00.pdf>
  • <http://secunia.com/advisories/25285/>
  • <http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml>
  • <http://secunia.com/advisories/25302/>
  • <http://www.frsirt.com/english/advisories/2007/1817>
  • <http://www.securityfocus.com/infocus/1232>
  • <http://xforce.iss.net/xforce/alerts/id/advise68>
  • <https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html>
  • <http://secunia.com/advisories/26692/>
  • <http://secunia.com/advisories/27455/>

Credit

This issue was reported by Fatih Ozavci and Caglar Cakici of Gamasec Security.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: Unknown
  • Date Public: 14 May 2007
  • Date First Published: 14 May 2007
  • Date Last Updated: 22 Apr 2009
  • Severity Metric: 1.76
  • Document Revision: 24