Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0669

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-0669
Last Modified 05 Sep 2008 04:24:39
Published 30 Oct 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0669

Summary

Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL.

Vulnerable Systems

Application

  • Cisco Catalyst 6000 Intrusion Detection System Module

  • Cisco Secure Intrusion Detection System

  • Iss Realsecure Network Sensor 5.x

  • Iss Realsecure Network Sensor 6.x

  • Iss Realsecure Server Sensor 5.5

  • Iss Realsecure Server Sensor 6.0

  • Snort 1.8.1


References

CERT-VN - VU#548515

ISS - 20010905 Multiple Vendor IDS Unicode Bypass Vulnerability

CISCO - 20010905 Cisco Secure Intrusion Detection System Signature Obfuscation Vulnerability

BUGTRAQ - 20010905 %u encoding IDS bypass vulnerability

BID - 3292


Last Updated: 27 May 2016 10:36:21