F-Secure Information for VU#868219

Multiple vendors' HTTP content/virus scanners do not check data tunneled via HTTP CONNECT method


Not Affected

Vendor Statement

F-Secure products are not vulnerable.

We do not have a product implemented as HTTP proxy. FSAV for Firewalls is designed to scan HTTP traffic, and works in conjunction with a CVP-compliant firewall such as Check Point FireWall-1, Cyberguard, etc.

Customers using FSAV for Firewalls should check if their firewall software is affected and contact the firewall vendor to get a patch/workaround.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.