search menu icon-carat-right cmu-wordmark

CERT Coordination Center

HTTP content scanning systems full-width/half-width Unicode encoding bypass

Vulnerability Note VU#739224

Original Release Date: 2007-05-14 | Last Revised: 2009-04-22

Overview

Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic. This may allow malicious HTTP traffic to bypass content scanning systems.

Description

Full-width and half-width encoding is a technique for encoding Unicode characters. Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded HTTP traffic. By sending specially-crafted HTTP traffic to a vulnerable content scanning system, an attacker may be able to bypass that content scanning system.

Impact

A remote, unauthenticated attacker may be able to bypass HTTP content scanning systems.

Solution

Check with your vendor

Refer to the Systems Affected section of this document for information about specific vendors regarding this issue.

Vendor Information

739224
 

3com, Inc. Affected

Notified:  April 16, 2007 Updated: May 17, 2007

Status

Affected

Vendor Statement

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

See http://www.3com.com/securityalert/alerts/3COM-07-001.html for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cisco Systems, Inc. Affected

Notified:  April 16, 2007 Updated: May 15, 2007

Status

Affected

Vendor Statement

Cisco has released a Security Response regarding CERT/CC Vulnerability

Note #739224 which has been posted at:

http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml

The most up-to-date information on all Cisco product security issues may
be found at:

http://www.cisco.com/go/psirt

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

See http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Internet Security Systems, Inc. Affected

Notified:  April 16, 2007 Updated: May 16, 2007

Status

Affected

Vendor Statement

IBM Internet Security Systems updated its Proventia products to contain this evasion technique on May 8, 2007.

The HTTP Post normalization logic has been updated to address an evasion that can occur when parsing Microsoft Unicode syntax. This issue was reported to IBM/ISS by Fatih Ozavci and Caglar Cakici of GamaSec (http://www.gamasec.net/english/gs07-01.html).

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

McAfee Affected

Notified:  April 16, 2007 Updated: May 23, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

See https://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=612970&sliceId=SAL_Public&dialogID=3630614&stateId=1%200%203626677 for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Novell, Inc. Affected

Notified:  April 16, 2007 Updated: September 07, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

See https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Secure Computing Network Security Division Affected

Notified:  April 16, 2007 Updated: August 01, 2007

Status

Affected

Vendor Statement

Sidewinder G2 and Sidewinder 7.0 Firewall base system: Not Vulnerable

Sidewinder G2 and the Sidewinder 7.0 Firewall base system does not have any elements which could be bypassed by this attack.


Sidewinder 7.0 IPS premium feature: Vulnerable
By design, the Sidewinder 7's IPS subsystem detects attempts to use this evasion technique, as well as other evasive encodings, and will either block or audit as configured. However, due to a software issue this protection can be bypassed. A software update (Sidewinder 7.0.0.02.H02) was released on 7/3/07 to correct this flaw, and is available to all customers with a current support contract.

SnapGear: Vulnerable
SnapGear products at version 3.1.5 and earlier include a vulnerable version of Snort. This will be corrected in an upcoming release.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Stonesoft Affected

Notified:  April 16, 2007 Updated: May 22, 2007

Status

Affected

Vendor Statement

StoneGate IPS version 4.0 and later have a good HTTP client request normalization and therefore can detect HTTP attacks that use this evasion technique. However, Stonesoft StoneGate IPS versions earlier than 4.0 are affected.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TippingPoint, Technologies, Inc. Affected

Notified:  April 16, 2007 Updated: May 17, 2007

Status

Affected

Vendor Statement

TippingPoint is dedicated to the security of our customers and a fix has been made available that will ship in all Digital Vaccine's released since DV7280.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

http://www.3com.com/securityalert/alerts/3COM-07-001.html

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apple Computer, Inc. Not Affected

Notified:  April 16, 2007 Updated: April 24, 2007

Statement Date:   April 20, 2007

Status

Not Affected

Vendor Statement

No Apple products currently provide this type of IDS/IPS functionality. We are not affected by this evasion technique.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

EMC, Inc. (formerly Data General Corporation) Not Affected

Notified:  April 16, 2007 Updated: May 23, 2007

Status

Not Affected

Vendor Statement

No EMC product currently provides IDS/IPS functionality.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Enterasys Networks Not Affected

Notified:  April 16, 2007 Updated: August 29, 2007

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Extreme Networks Not Affected

Notified:  April 16, 2007 Updated: April 22, 2009

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

F5 Networks, Inc. Not Affected

Notified:  April 16, 2007 Updated: June 19, 2007

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Force10 Networks, Inc. Not Affected

Notified:  April 16, 2007 Updated: May 17, 2007

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hewlett-Packard Company Not Affected

Notified:  April 16, 2007 Updated: April 18, 2007

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Imperva, Inc. Not Affected

Notified:  April 30, 2007 Updated: May 16, 2007

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

See http://www.imperva.com/application_defense_center/papers/cert739224-unicodebypass-051507.html for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Microsoft Corporation Not Affected

Notified:  April 16, 2007 Updated: November 13, 2007

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Snort Not Affected

Notified:  April 16, 2007 Updated: May 22, 2007

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sourcefire Not Affected

Notified:  April 16, 2007 Updated: May 16, 2007

Status

Not Affected

Vendor Statement

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Symantec, Inc. Not Affected

Notified:  April 16, 2007 Updated: May 24, 2007

Status

Not Affected

Vendor Statement

Symantec has tested and verified that none of its products are vulnerable to this issue.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AT&T Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alcatel Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avaya, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avici Systems, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Borderware Technologies Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Bro Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Charlotte's Web Networks Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Check Point Software Technologies Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Chiaro Networks, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Citrix Unknown

Notified:  April 26, 2007 Updated: April 26, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Clavister Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Computer Associates Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Computer Associates eTrust Security Management Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Conectiva Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cray Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

D-Link Systems, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Data Connection, Ltd. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Debian GNU/Linux Unknown

Notified:  May 14, 2007 Updated: May 14, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Engarde Secure Linux Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ericsson Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F-Secure Corporation Unknown

Notified:  May 24, 2007 Updated: May 24, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fedora Project Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fortinet, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Foundry Networks, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeBSD, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fujitsu Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Gentoo Linux Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Global Technology Associates Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hitachi Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hyperchip Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM Corporation Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM Corporation (zseries) Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM eServer Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IP Filter Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Immunix Communications, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ingrian Networks, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intel Corporation Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intoto Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Juniper Networks, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Linksys (A division of Cisco Systems) Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lucent Technologies Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Luminous Networks Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Mandriva, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MontaVista Software, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Multinet (owned Process Software Corporation) Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Multitech, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NEC Corporation Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBSD Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Network Appliance, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NextHop Technologies, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nokia Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nortel Networks, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenBSD Unknown

Notified:  May 14, 2007 Updated: May 14, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Openwall GNU/*/Linux Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QNX, Software Systems, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Red Hat, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Redback Networks, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Riverstone Networks, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SUSE Linux Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Secureworx, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Silicon Graphics, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Slackware Linux Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SmoothWall Unknown

Notified:  July 09, 2007 Updated: July 09, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sony Corporation Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sun Microsystems, Inc. Unknown

Notified:  April 16, 2007 Updated: April 25, 2007

Statement Date:   April 19, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

The SCO Group Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Trustix Secure Linux Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Turbolinux Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubuntu Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Unisys Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Watchguard Technologies, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Wind River Systems, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ZyXEL Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eSoft, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netfilter Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

View all 95 vendors View less vendors


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This issue was reported by Fatih Ozavci and Caglar Cakici of Gamasec Security.

This document was written by Jeff Gennari.

Other Information

CVE IDs: None
Severity Metric: 1.76
Date Public: 2007-05-14
Date First Published: 2007-05-14
Date Last Updated: 2009-04-22 18:54 UTC
Document Revision: 24

Sponsored by CISA.