search menu icon-carat-right cmu-wordmark

CERT Coordination Center

HTTP content scanning systems full-width/half-width Unicode encoding bypass

Vulnerability Note VU#739224

Original Release Date: 2007-05-14 | Last Revised: 2009-04-22

Overview

Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic. This may allow malicious HTTP traffic to bypass content scanning systems.

Description

Full-width and half-width encoding is a technique for encoding Unicode characters. Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded HTTP traffic. By sending specially-crafted HTTP traffic to a vulnerable content scanning system, an attacker may be able to bypass that content scanning system.

Impact

A remote, unauthenticated attacker may be able to bypass HTTP content scanning systems.

Solution

Check with your vendor

Refer to the Systems Affected section of this document for information about specific vendors regarding this issue.

Vendor Information

739224
 
Affected   Unknown   Unaffected

3com, Inc.

Notified:  April 16, 2007 Updated:  May 17, 2007

Status

  Vulnerable

Vendor Statement

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

See http://www.3com.com/securityalert/alerts/3COM-07-001.html for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cisco Systems, Inc.

Notified:  April 16, 2007 Updated:  May 15, 2007

Status

  Vulnerable

Vendor Statement

Cisco has released a Security Response regarding CERT/CC Vulnerability

Note #739224 which has been posted at:

http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml

The most up-to-date information on all Cisco product security issues may
be found at:

http://www.cisco.com/go/psirt

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

See http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Internet Security Systems, Inc.

Notified:  April 16, 2007 Updated:  May 16, 2007

Status

  Vulnerable

Vendor Statement

IBM Internet Security Systems updated its Proventia products to contain this evasion technique on May 8, 2007.

The HTTP Post normalization logic has been updated to address an evasion that can occur when parsing Microsoft Unicode syntax. This issue was reported to IBM/ISS by Fatih Ozavci and Caglar Cakici of GamaSec (http://www.gamasec.net/english/gs07-01.html).

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

McAfee

Notified:  April 16, 2007 Updated:  May 23, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

See https://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=612970&sliceId=SAL_Public&dialogID=3630614&stateId=1%200%203626677 for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Novell, Inc.

Notified:  April 16, 2007 Updated:  September 07, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

See https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Secure Computing Network Security Division

Notified:  April 16, 2007 Updated:  August 01, 2007

Status

  Vulnerable

Vendor Statement

Sidewinder G2 and Sidewinder 7.0 Firewall base system: Not Vulnerable

Sidewinder G2 and the Sidewinder 7.0 Firewall base system does not have any elements which could be bypassed by this attack.


Sidewinder 7.0 IPS premium feature: Vulnerable
By design, the Sidewinder 7's IPS subsystem detects attempts to use this evasion technique, as well as other evasive encodings, and will either block or audit as configured. However, due to a software issue this protection can be bypassed. A software update (Sidewinder 7.0.0.02.H02) was released on 7/3/07 to correct this flaw, and is available to all customers with a current support contract.

SnapGear: Vulnerable
SnapGear products at version 3.1.5 and earlier include a vulnerable version of Snort. This will be corrected in an upcoming release.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Stonesoft

Notified:  April 16, 2007 Updated:  May 22, 2007

Status

  Vulnerable

Vendor Statement

StoneGate IPS version 4.0 and later have a good HTTP client request normalization and therefore can detect HTTP attacks that use this evasion technique. However, Stonesoft StoneGate IPS versions earlier than 4.0 are affected.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TippingPoint, Technologies, Inc.

Notified:  April 16, 2007 Updated:  May 17, 2007

Status

  Vulnerable

Vendor Statement

TippingPoint is dedicated to the security of our customers and a fix has been made available that will ship in all Digital Vaccine's released since DV7280.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

http://www.3com.com/securityalert/alerts/3COM-07-001.html

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apple Computer, Inc.

Notified:  April 16, 2007 Updated:  April 24, 2007

Statement Date:   April 20, 2007

Status

  Not Vulnerable

Vendor Statement

No Apple products currently provide this type of IDS/IPS functionality. We are not affected by this evasion technique.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

EMC, Inc. (formerly Data General Corporation)

Notified:  April 16, 2007 Updated:  May 23, 2007

Status

  Not Vulnerable

Vendor Statement

No EMC product currently provides IDS/IPS functionality.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Enterasys Networks

Notified:  April 16, 2007 Updated:  August 29, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Extreme Networks

Notified:  April 16, 2007 Updated:  April 22, 2009

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

F5 Networks, Inc.

Notified:  April 16, 2007 Updated:  June 19, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Force10 Networks, Inc.

Notified:  April 16, 2007 Updated:  May 17, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hewlett-Packard Company

Notified:  April 16, 2007 Updated:  April 18, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Imperva, Inc.

Notified:  April 30, 2007 Updated:  May 16, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

See http://www.imperva.com/application_defense_center/papers/cert739224-unicodebypass-051507.html for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Microsoft Corporation

Notified:  April 16, 2007 Updated:  November 13, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Snort

Notified:  April 16, 2007 Updated:  May 22, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sourcefire

Notified:  April 16, 2007 Updated:  May 16, 2007

Status

  Not Vulnerable

Vendor Statement

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Symantec, Inc.

Notified:  April 16, 2007 Updated:  May 24, 2007

Status

  Not Vulnerable

Vendor Statement

Symantec has tested and verified that none of its products are vulnerable to this issue.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AT&T

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alcatel

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avaya, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avici Systems, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Borderware Technologies

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Bro

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Charlotte's Web Networks

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Check Point Software Technologies

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Chiaro Networks, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Citrix

Notified:  April 26, 2007 Updated:  April 26, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Clavister

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Computer Associates

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Computer Associates eTrust Security Management

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Conectiva Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cray Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

D-Link Systems, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Data Connection, Ltd.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Debian GNU/Linux

Notified:  May 14, 2007 Updated:  May 14, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Engarde Secure Linux

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ericsson

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F-Secure Corporation

Notified:  May 24, 2007 Updated:  May 24, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fedora Project

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fortinet, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Foundry Networks, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeBSD, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fujitsu

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Gentoo Linux

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Global Technology Associates

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hitachi

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hyperchip

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM Corporation

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM Corporation (zseries)

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM eServer

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IP Filter

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Immunix Communications, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ingrian Networks, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intel Corporation

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intoto

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Juniper Networks, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Linksys (A division of Cisco Systems)

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lucent Technologies

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Luminous Networks

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Mandriva, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MontaVista Software, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Multinet (owned Process Software Corporation)

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Multitech, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NEC Corporation

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBSD

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Network Appliance, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NextHop Technologies, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nokia

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nortel Networks, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenBSD

Notified:  May 14, 2007 Updated:  May 14, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Openwall GNU/*/Linux

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QNX, Software Systems, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Red Hat, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Redback Networks, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Riverstone Networks, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SUSE Linux

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Secureworx, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Silicon Graphics, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Slackware Linux Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SmoothWall

Notified:  July 09, 2007 Updated:  July 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sony Corporation

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sun Microsystems, Inc.

Notified:  April 16, 2007 Updated:  April 25, 2007

Statement Date:   April 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

The SCO Group

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Trustix Secure Linux

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Turbolinux

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubuntu

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Unisys

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Watchguard Technologies, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Wind River Systems, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ZyXEL

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eSoft, Inc.

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netfilter

Notified:  April 16, 2007 Updated:  April 16, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

View all 95 vendors View less vendors


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

This issue was reported by Fatih Ozavci and Caglar Cakici of Gamasec Security

This document was written by Jeff Gennari.

Other Information

CVE IDs: None
Severity Metric: 1.76
Date Public: 2007-05-14
Date First Published: 2007-05-14
Date Last Updated: 2009-04-22 18:54 UTC
Document Revision: 24

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.