ID

VAR-200705-0413

CVE

CVE-2007-2689

TITLE

HTTP content scanning systems full-width/half-width Unicode encoding bypass

DESCRIPTION

Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic. This may allow malicious HTTP traffic to bypass content scanning systems. Web Intelligence is prone to a remote security vulnerability. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Novell iChain HTTP Unicode Encoding Detection Bypass SECUNIA ADVISORY ID: SA26692 VERIFY ADVISORY: http://secunia.com/advisories/26692/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: Novell iChain 2.x http://secunia.com/product/1423/ DESCRIPTION: A vulnerability has been reported in Novell iChain, which can be exploited by malicious people to bypass certain security restrictions. SOLUTION: Apply iChain 2.3 SP5 Interim Release 3 or greater (2.3.408). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Full-width and half-width is an encoding technique for Unicode characters. Some Open Source or Microsoft Products such as Microsoft ISS and .NET Framework properly decode this type of encoding. Risk Level : High Impact : Security Bypass Systems Affected : Checkpoint Web Intelligence (Confirmed) IBM ISS Proventia Series (Confirmed) Full List of Vendors : (CERT - Vulnerability Note VU#739224) [1] Remedy : Contact your vendor for a hotfix, patch or advanced configuration. Credits : Fatih Ozavci (GamaTEAM Member) Caglar Cakici (GamaTEAM Member) It's detected using GamaSEC Exploit Framework GamaSEC Information Security Audit and Consulting Services (www.gamasec.net) Original Advisory Link : http://www.gamasec.net/english/gs07-01.html References : 1. CERT - Vulnerability Note VU#739224 http://www.kb.cert.org/vuls/id/739224 2. Unicode Home Page http://unicode.org 3. Unicode.org, Halfwidth and Fullwidth Forms http://www.unicode.org/charts/PDF/UFF00.pdf -- Best Regards Fatih Ozavci IT Security Consultant . ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. The vulnerability is reported in versions prior to 4.0. SOLUTION: Update to version 4.0 or later. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. Join the FREE BETA test of the Network Software Inspector (NSI)! http://secunia.com/network_software_inspector/ The NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. The vulnerability affects the following products: * Cisco Intrusion Prevention System (IPS) * Cisco IOS with Firewall/IPS Feature Set SOLUTION: No fix or workaround is currently available

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

unknown

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Unknown

SOURCES

LAST UPDATE DATE

2025-04-10T23:07:32.726000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE