SurfControl Affected

Notified:  December 20, 2001 Updated: February 26, 2002



Vendor Statement

"We've addressed the vulnerability where blocking doesn't occur with the host header not being present. "The vulnerability used to be present in one of our products: SuperScout Web Filter Win NT/2000 (our Pass-By, passive Ethernet technology). "Our fix for this behavior is to rely on IP address to continue the block, when the host header is missing. This does not work, however, in a "Hosted" environment, where many different domains are served from the same IP. But, for the majority of our customers this will address the problem. The fix was introduced with version 4, released for general availability on October 15, 2001. "Bare in mind that this vulnerability is only active for one of our SuperScout Web Filter (Pass-By for Win NT/2000 ). For our other SuperScout Web Filter brands that are based on Pass-Through architecture, the split packet vulnerability is not present. The SuperScout Web Filter products that are NOT affected are: SuperScout Web Filter - for Microsoft Proxy SuperScout Web Filter - for Microsoft ISA Server SuperScout Web Filter - for Checkpoint FW-1/VPN-1 (Windows NT, Solaris, & Linux) SuperScout Web Filter VS(Velocity Server) - (Windows NT, Solaris, & Linux)"

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


The CERT/CC has no additional comments at this time.