SOL7009 - Statement on ACL bypass using trailing NULL byte - MNIN/NNL Advisory

ID SOL7009
Type f5
Reporter f5
Modified 2015-03-26T00:00:00


A January 2007 security advisory describes several security issues present in some versions of FirePass software. One section in the document, titled ACL Filter bypass with URL de-normalization, states that Portal Access ACL filters can be bypassed if a user appends a trailing NULL byte after the requested URL. At this time, F5 has not received supporting documentation for this claim. Additionally, after testing and code review, F5 has not reproduced this issue.

At this time, F5 does not consider the FirePass controller to be vulnerable to the scenario described in the advisory.

Information about this advisory is available at the following location: