3Com TippingPoint IPS HTTP POST Request Bypass Vulnerability

Vulnerability ID: 1190549 | Vulnerability type: Unknown
Published: 2007-05-16 | Updated: 2007-05-16
CVE ID: CVE-2007-2734 | CNNVD-ID: CNNVD-200705-336
Platform: N/A | CVSS score: 7.5
|Vulnerability source
https://www.securityfocus.com/bid/86153
https://cxsecurity.com/issue/WLB-2007050065
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200705-336
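|Vulnerability details
3Com TippingPoint IPS does not properly handle certain full-width and half-width Unicode character encodings in HTTP POST requests, which allows remote attackers to bypass inspection of HTTP traffic.
|Vulnerability EXP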

GS07-01 Full-Width and Half-Width Unicode Encoding IDS/IPS/WAF Bypass
Vulnerability

Date & Version : 04/14/2007 - 1.0

Description :

Various HTTP content scanning systems fail to properly scan
full-width/half-width Unicode encoded traffic. This may allow malicious
content to bypass HTTP content scanning systems.

HTTP Content Scanning Systems have a pre-processor to decode various
forms of HTTP encoded requests such as UTF encoding for attack signature
analysis. Full-width and half-width is an encoding technique for Unicode
characters. Various HTTP content scanning systems fail to properly scan
full-width/half-width Unicode encoded traffic.

Some Open Source or Microsoft Products such as Microsoft IIS and .NET
Framework properly decode this type of encoding. But most IDS/IPS/WAF
products do not properly decode full-width Unicode (%uff) encoded HTTP
requests for analysis, Lowercase/Uppercase conversion and character
matching. By sending HTTP traffic to a vulnerable content scanning
system, an attacker may be able to bypass the content scanning system.

Risk Level : High

Impact : Security Bypass

Systems Affected :

Checkpoint Web Intelligence (Confirmed)
IBM ISS Proventia Series (Confirmed)
Full List of Vendors : (CERT - Vulnerability Note VU#739224) [1]

Remedy :

Contact your vendor for a hotfix, patch or advanced configuration.

Credits :

Fatih Ozavci (GamaTEAM Member)
Caglar Cakici (GamaTEAM Member)
It's detected using GamaSEC Exploit Framework
GamaSEC Information Security Audit and Consulting Services
(www.gamasec.net)

Original Advisory Link :
http://www.gamasec.net/english/gs07-01.html

References :

1. CERT - Vulnerability Note VU#739224
      http://www.kb.cert.org/vuls/id/739224

2. Unicode Home Page
      http://unicode.org

3. Unicode.org, Halfwidth and Fullwidth Forms
      http://www.unicode.org/charts/PDF/UFF00.pdf

-- 
Best Regards
Fatih Ozavci
IT Security Consultant
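
The decoding gap described in the advisory above, seen from the scanner's side, as an added example that is not part of the original advisory or any vendor's code: a pre-processor that decodes `%uXXXX` escapes and folds full-width/half-width forms with NFKC before signature matching, next to a matcher that only percent-decodes. The signature, function names and sample request bodies are constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import unquote

# Non-standard %uXXXX escape, which some web servers decode (per the advisory).
_PCT_U = re.compile(r"%u([0-9a-fA-F]{4})")

# Constructed stand-in for one content-scanning signature.
SIGNATURE = re.compile(r"<script\b")


def canonicalize(body: str) -> str:
    """Reduce a request body to the form the back-end may end up seeing."""
    # 1. Decode %uXXXX escapes to their code points.
    text = _PCT_U.sub(lambda m: chr(int(m.group(1), 16)), body)
    # 2. Decode ordinary %XX escapes as UTF-8.
    text = unquote(text, errors="replace")
    # 3. NFKC maps full-width forms (U+FF01..U+FF5E) to ASCII and
    #    half-width forms to their standard counterparts.
    text = unicodedata.normalize("NFKC", text)
    # 4. Case-fold only after width folding, so full-width capitals match too.
    return text.casefold()


def naive_match(body: str) -> bool:
    """Scanner that percent-decodes and lowercases but ignores width forms."""
    return bool(SIGNATURE.search(unquote(body).lower()))


def hardened_match(body: str) -> bool:
    """Scanner that matches on the canonicalized body."""
    return bool(SIGNATURE.search(canonicalize(body)))


# Constructed sample POST bodies.
SAMPLES = {
    "plain": "q=%3Cscript%3E",
    "pct_u_fullwidth": "q=%uFF1Cscript%uFF1E",
    "utf8_fullwidth": "q=%EF%BC%9C%EF%BD%93cript%EF%BC%9E",
    "benign": "q=hello",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:16} naive={naive_match(body)!s:5} "
              f"hardened={hardened_match(body)}")
```

This covers a single decoding pass only; a scanner also has to decide how to treat bodies that are still encoded after one pass.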
|References

Source: VU#739224
Name: VU#739224
Link: http://www.kb.cert.org/vuls/id/739224
Source: SECUNIA
Name: 25302
Link: http://secunia.com/advisories/25302
Source: BUGTRAQ
Name: 20070515 GS07-01 Full-Width and Half-Width Unicode Encoding IDS/IPS/WAF Bypass Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/468633/100/0/threaded
Source: MISC
Link: http://www.gamasec.net/english/gs07-01.html
Source: VUPEN
Name: ADV-2007-1817
Link: http://www.frsirt.com/english/advisories/2007/1817
Source: www.3com.com
Link: http://www.3com.com/securityalert/alerts/3COM-07-001.html
Source: OSVDB
Name: 35968
Link: http://osvdb.org/35968
Source: SREASON
Name: 2712
Link: http://securityreason.com/securityalert/2712