Lucene search

[email protected]CVE-2001-1465

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2001-1465

2022-10-0316:22:34

[email protected]

web.nvd.nist.gov

cve-2001-1465

surfcontrol superscout

http get request

host header

packet fragmentation

bypass filtering

vulnerability

information security

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

SurfControl SuperScout only filters packets containing both an HTTP GET request and a Host header, which allows local users to bypass filtering by fragmenting packets so that no packet contains both data elements.

Affected configurations

NVD

Node

surfcontrolsuperscout_web_filter

CPENameOperatorVersion
surfcontrol:superscout_web_filtersurfcontrol superscout web filtereq*

CPE	Name	Operator	Version
surfcontrol:superscout_web_filter	surfcontrol superscout web filter	eq	*

References

securitytracker.com/id?1001801

www.kb.cert.org/vuls/id/139315

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2001-1465

nvd1 cvelist1