Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1026

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1026
Last Modified 05 Sep 2008 04:25:30
Published 09 Jul 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1026

Summary

Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs when they are modified in certain ways such as (1) using a double slash (//) instead of a single slash, (2) URL-encoded characters, (3) requesting the IP address instead of the domain name, or (4) using a leading 0 in an octet of an IP address.

Vulnerable Systems

Application

  • Trend Micro Interscan Applettrap 2.0


References

XF - applettrap-zero-bypass-restrictions(6819)

XF - applettrap-bypass-ip-restrictions(6818)

XF - applettrap-unicode-bypass-filter(6817)

XF - content-slash-bypass-filter(6816)

BUGTRAQ - 20010709 Various problems in Ternd Micro AppletTrap URL filtering

BID - 3000

BID - 2998

BID - 2996


Last Updated: 27 May 2016 10:36:30