Updated: September 07, 2001
Affected
Please see http://www.cisco.com/warp/public/707/cisco-intrusion-detection-obfuscation-vuln-pub.shtml
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: September 07, 2001
Affected
Dragon Sensor 4.x was affected. Signatures to detect the new IIS UNICODE encoding flaw have been available, and a modification to the Web processing engine is already included in Dragon Sensor 5.0. To obtain dragon products, visit http://dragon.enterasys.com.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: September 07, 2001
Affected
ISS X-Force has included a patch for this vulnerability in RealSecure Network Sensor X-Press Update 3.2. ISS X-Force recommends that all RealSecure customers download and install the update immediately. RealSecure X-Press Update 3.2 is now available. RealSecure Network Sensor customers can download XPU 3.2 from the following address: http://www.iss.net/db_data/xpu/RS.php RealSecure Server Sensor version 6.0.1 includes a fix for this vulnerability. RealSecure Server Sensor 6.0.1 will be available for download on September 4, 2001. ISS X-Force recommends that all RealSecure customers upgrade their Windows Server Sensors to version 6.0.1. A patch is being developed for RealSecure Server Sensor 5.5 and will be available on or before August 31, 2001 at the ISS Download Center: http://www.iss.net/eval/eval.php. BlackICE products are not affected by this vulnerability. Attempts to exploit this vulnerability will trigger the “HTTP URL bad hex code” signature. The next BlackICE product update will specifically address “%u” encoding."
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: September 18, 2002
Affected
Snort 1.8.1 fixes this encoding bug. You can receive it from http://snort.sourcefire.com/.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.