F-Secure Information for VU#868219
Multiple vendors' HTTP content/virus scanners do not check data tunneled via HTTP CONNECT method
- Vendor Information Help Date Notified: 19 Apr 2002
- Statement Date:
- Date Updated: 05 Jun 2002
F-Secure products are not vulnerable.
We do not have a product implemented as HTTP proxy. FSAV for Firewalls is designed to scan HTTP traffic, and works in conjunction with a CVP-compliant firewall such as Check Point FireWall-1, Cyberguard, etc.
Customers using FSAV for Firewalls should check if their firewall software is affected and contact the firewall vendor to get a patch/workaround.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.