CVE-2001-1465

2022-10-0316:22:34

mitre

www.cve.org

surfcontrol superscout

filter bypass

http

vulnerability

fragmenting packets

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

SurfControl SuperScout only filters packets containing both an HTTP GET request and a Host header, which allows local users to bypass filtering by fragmenting packets so that no packet contains both data elements.

References

securitytracker.com/id?1001801

www.kb.cert.org/vuls/id/139315