ISS Security Alert: Multiple Vendor IDS Unicode Bypass Vulnerability

Internet Security Systems Security Alert September 5, 2001 Multiple Vendor IDS Unicode Bypass Vulnerability Synopsis: ISS X-Force is aware of a vulnerability in many commercial and open- source IDS Intrusion Detection System products that may allow attackers to evade detection. Microsoft Web serv...

Обход многих IDS через Unicode (protection bypass)

Используя Unicode-кодирование во многих протоколах возможно обойти защиту IDS...

Cisco Secure IDS 2.0/3.0 / Snort 1.x / ISS RealSecure 5/6 / NFR 5.0 - Encoded IIS Detection Evasion

source: https://www.securityfocus.com/bid/3292/info The Microsoft IIS web server supports a non-standard method of encoding web requests. Because this method is non-standard, intrusion detection systems may not detect attacks encoded using this method. This vulnerability only affects intrusion...

CVE-2001-0709

Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode...

CVE-2001-0709

Vulnerability summary (CVE-2001-0709): Microsoft IIS 4.0 and earlier, when installed on a FAT partition, is susceptible to remote disclosure of ASP source code. An attacker can obtain the source by requesting a URL encoded with Unicode. The description in the provided documents confirms the expos...

CVE-2001-1455

Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters...

CVE-2001-0521

Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent HTML SCRIPT filtering via the UNICODE encoding of SCRIPT tags within the HTML document...

CVE-2001-0601

Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via HTTP requests containing certain combinations of UNICODE characters...

Обход Trend Micro AppletTrap (protection bypass)

Можно обойти защиту от Javascript Используя Unicode - кодировку...

CVE-2001-0521

Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent HTML SCRIPT filtering via the UNICODE encoding of SCRIPT tags within the HTML document...

CVE-2001-0601

Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via HTTP requests containing certain combinations of UNICODE characters...

CVE-2001-0521

CVE-2001-0521 affects Aladdin eSafe Gateway versions 3.0 and earlier. The issue allows a remote attacker to bypass the gateway’s HTML SCRIPT filtering by using Unicode-encoded SCRIPT tags within the HTML document. This describes a filtering bypass in the web gateway; the documents do not provide ...

CVE-2001-0601

CVE-2001-0601 affects Lotus Domino R5 before 5.0.7. The vulnerability allows a remote attacker to cause a denial of service by sending HTTP requests that contain certain combinations of UNICODE characters. The DoS is related to availability impact and is described as partial. Root cause is proces...

Lotus Domino vulnerable to DoS via crafted unicode GET request

Overview The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service situation. Description Sending a crafted GET request containing numerous unicode characters can trigger a server exception that will crash the Domino server. If qnc.exe is removed from the...

Aladdin eSafe Gateway Script-filtering Bypass through Unicode Vulnerability

29 May 2001 This is the third of 3 sequential advisories we are issuing regarding Aladdin eSafe Gateway. Status -------- The entire content of this advisory was reviewed and acknowledged by Aladdin. Product Background -------------------------- eSafe Gateway is an Internet Content Security produc...

Aladdin Knowledge Systems eSafe Gateway 3.0 - Unicode Script-filtering Bypass

Aladdin Knowledge Systems eSafe Gateway 3.0 - Unicode Script-filtering Bypass source: https://www.securityfocus.com/bid/2801/info eSafe Gateway is a security utility used for filtering internet content. An html file may be crafted to bypass the script-filtering feature offered by eSafe Gateway...

Aladdin Knowledge Systems eSafe Gateway 3.0 - Unicode Script-filtering Bypass

source: https://www.securityfocus.com/bid/2801/info eSafe Gateway is a security utility used for filtering internet content. An html file may be crafted to bypass the script-filtering feature offered by eSafe Gateway. This is done by simply encoding the tag in Unicode format, such that the filter...

Vulnerability discovered in SpearHead NetGap

Background --------------- SpearHead's NetGAP™ appliance physically disconnects a company's network from the Internet. The product consists of two separate computers, an Untrusted CPU and a Trusted CPU, that are never directly connected at any given time. NetGap™ includes a content checking engin...

Omnicron OmniHTTPd 2.0.4-8 - File Source Disclosure

Omnicron OmniHTTPd 2.0.4-8 - File Source Disclosure source: https://www.securityfocus.com/bid/2788/info Submitting a specially crafted GET request for a known file .php, .pl, or .shtml, could cause OmniHTTPD to disclose the source code of the requested resource. The GET requested would have to be...

def-2001-14: Bea Weblogic Unicode Directory Browsing

====================================================================== Defcom Labs Advisory def-2001-14 Bea Weblogic Unicode Directory Browsing Author: Peter Grьndl [email protected] Release Date: 2001-03-26 ======================================================================...