Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic. This may allow malicious HTTP traffic to bypass content scanning systems.
Full-width and half-width encoding is a technique for encoding Unicode characters. Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded HTTP traffic. By sending specially-crafted HTTP traffic to a vulnerable content scanning system, an attacker may be able to bypass that content scanning system.
A remote, unauthenticated attacker may be able to bypass HTTP content scanning systems.
Check with your vendor
Refer to the Systems Affected section of this document for information about specific vendors regarding this issue.
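The failure described above, next to one way a scanner can avoid it, as an added example that is not part of the original advisory or any vendor's code. It assumes that matching is done on an NFKC-normalized copy of the decoded request data; the signatures and sample query strings are constructed for illustration.

```python
import unicodedata
from urllib.parse import unquote

# Constructed sample signatures; a real scanner's rule set will differ.
SIGNATURES = ("<script", "select")

# Constructed sample query strings: "<script>" written with full-width forms,
# partly percent-encoded as UTF-8 (%EF%BC%9C is U+FF1C, %EF%BC%9E is U+FF1E),
# and the same value in plain ASCII.
SAMPLE_FULLWIDTH = "q=%EF%BC%9Cｓｃｒｉｐｔ%EF%BC%9E"
SAMPLE_ASCII = "q=%3Cscript%3E"


def decode(raw: str) -> str:
    """Percent-decode as UTF-8; invalid bytes become U+FFFD instead of raising."""
    return unquote(raw, encoding="utf-8", errors="replace")


def canonicalize(raw: str) -> str:
    """Decode, then fold compatibility forms (full-width/half-width) with NFKC."""
    return unicodedata.normalize("NFKC", decode(raw)).casefold()


def naive_scan(raw: str) -> list[str]:
    """Scanner that decodes but compares code points as-is (the failure mode)."""
    text = decode(raw).lower()
    return [sig for sig in SIGNATURES if sig in text]


def normalized_scan(raw: str) -> list[str]:
    """Scanner that matches signatures against the canonical form."""
    text = canonicalize(raw)
    return [sig for sig in SIGNATURES if sig in text]


def has_width_forms(raw: str) -> bool:
    """Detection signal: any code point in Halfwidth and Fullwidth Forms (U+FF00-U+FFEF)."""
    return any("\uff00" <= ch <= "\uffef" for ch in decode(raw))


if __name__ == "__main__":
    for sample in (SAMPLE_ASCII, SAMPLE_FULLWIDTH):
        print(ascii(sample), naive_scan(sample), normalized_scan(sample), has_width_forms(sample))
```

The `has_width_forms` check can be logged separately from the signature verdict, since full-width forms in a URL or query string are worth reviewing even when no signature matches.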
This issue was reported by Fatih Ozavci and Caglar Cakici of Gamasec Security.
Date First Published: 2007-05-14
Date Last Updated: 2009-04-22 18:54 UTC