Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2001-0669
HistoryOct 30, 2001 - 5:00 a.m.

CVE-2001-0669

2001-10-3005:00:00
NVD-CWE-Other
[email protected]
web.nvd.nist.gov
26
intrusion detection system
ids
security vulnerability
unicode encoding evasion
http attacks
cve-2001-0669.

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.072 Low

EPSS

Percentile

94.0%

JSON

Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard “%u” Unicode encoding of ASCII characters in the requested URL.

Related

cert 1
securityvulns 1
cert
cert
Multiple intrusion detection systems may be circumvented via %u encoding
2001-09-07 00:00:00
securityvulns
securityvulns
ISS Security Alert: Multiple Vendor IDS Unicode Bypass Vulnerability
2001-09-06 00:00:00

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.072 Low

EPSS

Percentile

94.0%

JSON
Related for CVE-2001-0669
cert1securityvulns1