CERT Coordination Center

HTTP content scanning systems full-width/half-width Unicode encoding bypass

Vulnerability Note VU#739224

Original Release Date: 2007-05-14 | Last Revised: 2009-04-22

Overview

Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic. This may allow malicious HTTP traffic to bypass content scanning systems.

Description

Full-width and half-width encoding is a technique for encoding Unicode characters. Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded HTTP traffic. By sending specially-crafted HTTP traffic to a vulnerable content scanning system, an attacker may be able to bypass that content scanning system.
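The normalization step a content scanner needs before signature matching, as an added example (not code from CERT/CC or from any vendor listed here). The Unicode fullwidth block U+FF01 to U+FF5E mirrors ASCII U+0021 to U+007E, so a byte-for-byte ASCII signature never sees it unless the scanner folds it first. The signature, the sample requests and all function names are constructed for illustration; handling of the %uXXXX escape form is an assumption about what the scanner has to decode.

```python
import re
import unicodedata
from urllib.parse import unquote

# Constructed signature and requests; not taken from any product or advisory.
SIGNATURES = ("blocked",)
FW = "\uff42\uff4c\uff4f\uff43\uff4b\uff45\uff44"  # "blocked" in fullwidth forms
SAMPLES = {
    "ascii": "GET /q?term=blocked",
    "raw_fullwidth": "GET /q?term=" + FW,
    "pct_u": "GET /q?term=%uFF42%uFF4C%uFF4F%uFF43%uFF4B%uFF45%uFF44",
    "pct_utf8": "GET /q?term=%EF%BD%82%EF%BD%8C%EF%BD%8F%EF%BD%83"
                "%EF%BD%8B%EF%BD%85%EF%BD%84",
    "benign": "GET /q?term=hello",
}

PCT_U = re.compile(r"%u([0-9a-fA-F]{4})")
WIDTH_CLASSES = ("F", "H")  # East Asian Width: Fullwidth, Halfwidth


def decode_layers(raw: str) -> str:
    """Undo %uXXXX and %XX (UTF-8) escapes so later steps see code points."""
    step = PCT_U.sub(lambda m: chr(int(m.group(1), 16)), raw)
    return unquote(step, encoding="utf-8", errors="replace")


def fold_width(text: str) -> str:
    """Map fullwidth/halfwidth variants to their ordinary counterparts.

    Only characters whose East Asian Width is F or H are touched, so other
    compatibility characters are left alone. A final NFC pass recombines
    halfwidth katakana with their voicing marks.
    """
    folded = [
        unicodedata.normalize("NFKC", ch)
        if unicodedata.east_asian_width(ch) in WIDTH_CLASSES else ch
        for ch in text
    ]
    return unicodedata.normalize("NFC", "".join(folded))


def naive_match(raw: str) -> bool:
    """Signature match on the request as received (the failing behaviour)."""
    lowered = raw.lower()
    return any(sig in lowered for sig in SIGNATURES)


def normalized_match(raw: str) -> bool:
    """Signature match after decoding escapes and folding width variants."""
    canon = fold_width(decode_layers(raw)).lower()
    return any(sig in canon for sig in SIGNATURES)


def width_variants(raw: str) -> list:
    """List the width-variant code points in a request, for block/audit rules."""
    return [
        "U+%04X" % ord(ch)
        for ch in decode_layers(raw)
        if unicodedata.east_asian_width(ch) in WIDTH_CLASSES
    ]


if __name__ == "__main__":
    for name, request in SAMPLES.items():
        print("%-14s naive=%-5s normalized=%-5s variants=%d" % (
            name, naive_match(request), normalized_match(request),
            len(width_variants(request))))
```

A non-empty width_variants result in a request line or form field that is otherwise ASCII is a useful audit signal in its own right, independent of whether a signature matches.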

Impact

A remote, unauthenticated attacker may be able to bypass HTTP content scanning systems.

Solution

Check with your vendor

Refer to the Systems Affected section of this document for information about specific vendors regarding this issue.

Vendor Information


3com, Inc. Affected

Notified:  April 16, 2007 Updated: May 17, 2007

Status

Affected

Vendor Statement

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

See http://www.3com.com/securityalert/alerts/3COM-07-001.html for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cisco Systems, Inc. Affected

Notified:  April 16, 2007 Updated: May 15, 2007

Status

Affected

Vendor Statement

Cisco has released a Security Response regarding CERT/CC Vulnerability Note #739224 which has been posted at:

http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml

The most up-to-date information on all Cisco product security issues may be found at:

http://www.cisco.com/go/psirt

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

See http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml for more details.


Internet Security Systems, Inc. Affected

Notified:  April 16, 2007 Updated: May 16, 2007

Status

Affected

Vendor Statement

IBM Internet Security Systems updated its Proventia products to contain this evasion technique on May 8, 2007.

The HTTP Post normalization logic has been updated to address an evasion that can occur when parsing Microsoft Unicode syntax. This issue was reported to IBM/ISS by Fatih Ozavci and Caglar Cakici of GamaSec (http://www.gamasec.net/english/gs07-01.html).

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

McAfee Affected

Notified:  April 16, 2007 Updated: May 23, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

See https://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=612970&sliceId=SAL_Public&dialogID=3630614&stateId=1%200%203626677 for more details.


Novell, Inc. Affected

Notified:  April 16, 2007 Updated: September 07, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

See https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html for more details.


Secure Computing Network Security Division Affected

Notified:  April 16, 2007 Updated: August 01, 2007

Status

Affected

Vendor Statement

Sidewinder G2 and Sidewinder 7.0 Firewall base system: Not Vulnerable

Sidewinder G2 and the Sidewinder 7.0 Firewall base system do not have any elements which could be bypassed by this attack.

Sidewinder 7.0 IPS premium feature: Vulnerable

By design, the Sidewinder 7's IPS subsystem detects attempts to use this evasion technique, as well as other evasive encodings, and will either block or audit as configured. However, due to a software issue this protection can be bypassed. A software update (Sidewinder 7.0.0.02.H02) was released on 7/3/07 to correct this flaw, and is available to all customers with a current support contract.

SnapGear: Vulnerable

SnapGear products at version 3.1.5 and earlier include a vulnerable version of Snort. This will be corrected in an upcoming release.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Stonesoft Affected

Notified:  April 16, 2007 Updated: May 22, 2007

Status

Affected

Vendor Statement

StoneGate IPS version 4.0 and later have a good HTTP client request normalization and therefore can detect HTTP attacks that use this evasion technique. However, Stonesoft StoneGate IPS versions earlier than 4.0 are affected.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TippingPoint, Technologies, Inc. Affected

Notified:  April 16, 2007 Updated: May 17, 2007

Status

Affected

Vendor Statement

TippingPoint is dedicated to the security of our customers and a fix has been made available that will ship in all Digital Vaccines released since DV7280.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

http://www.3com.com/securityalert/alerts/3COM-07-001.html


Apple Computer, Inc. Not Affected

Notified:  April 16, 2007 Updated: April 24, 2007

Statement Date:   April 20, 2007

Status

Not Affected

Vendor Statement

No Apple products currently provide this type of IDS/IPS functionality. We are not affected by this evasion technique.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

EMC, Inc. (formerly Data General Corporation) Not Affected

Notified:  April 16, 2007 Updated: May 23, 2007

Status

Not Affected

Vendor Statement

No EMC product currently provides IDS/IPS functionality.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Enterasys Networks Not Affected

Notified:  April 16, 2007 Updated: August 29, 2007

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Extreme Networks Not Affected

Notified:  April 16, 2007 Updated: April 22, 2009

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

F5 Networks, Inc. Not Affected

Notified:  April 16, 2007 Updated: June 19, 2007

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Force10 Networks, Inc. Not Affected

Notified:  April 16, 2007 Updated: May 17, 2007

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hewlett-Packard Company Not Affected

Notified:  April 16, 2007 Updated: April 18, 2007

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Imperva, Inc. Not Affected

Notified:  April 30, 2007 Updated: May 16, 2007

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

See http://www.imperva.com/application_defense_center/papers/cert739224-unicodebypass-051507.html for more details.


Microsoft Corporation Not Affected

Notified:  April 16, 2007 Updated: November 13, 2007

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Snort Not Affected

Notified:  April 16, 2007 Updated: May 22, 2007

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sourcefire Not Affected

Notified:  April 16, 2007 Updated: May 16, 2007

Status

Not Affected

Vendor Statement

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Symantec, Inc. Not Affected

Notified:  April 16, 2007 Updated: May 24, 2007

Status

Not Affected

Vendor Statement

Symantec has tested and verified that none of its products are vulnerable to this issue.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AT&T Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alcatel Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avaya, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avici Systems, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Borderware Technologies Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Bro Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Charlotte's Web Networks Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Check Point Software Technologies Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Chiaro Networks, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Citrix Unknown

Notified:  April 26, 2007 Updated: April 26, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Clavister Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Computer Associates Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Computer Associates eTrust Security Management Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Conectiva Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cray Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

D-Link Systems, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Data Connection, Ltd. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Debian GNU/Linux Unknown

Notified:  May 14, 2007 Updated: May 14, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Engarde Secure Linux Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ericsson Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F-Secure Corporation Unknown

Notified:  May 24, 2007 Updated: May 24, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fedora Project Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fortinet, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Foundry Networks, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeBSD, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fujitsu Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Gentoo Linux Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Global Technology Associates Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hitachi Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hyperchip Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM Corporation Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM Corporation (zseries) Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM eServer Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IP Filter Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Immunix Communications, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ingrian Networks, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intel Corporation Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intoto Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Juniper Networks, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Linksys (A division of Cisco Systems) Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lucent Technologies Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Luminous Networks Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Mandriva, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MontaVista Software, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Multinet (owned Process Software Corporation) Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Multitech, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NEC Corporation Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBSD Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Network Appliance, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NextHop Technologies, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nokia Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nortel Networks, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenBSD Unknown

Notified:  May 14, 2007 Updated: May 14, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Openwall GNU/*/Linux Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QNX, Software Systems, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Red Hat, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Redback Networks, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Riverstone Networks, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SUSE Linux Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Secureworx, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Silicon Graphics, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Slackware Linux Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SmoothWall Unknown

Notified:  July 09, 2007 Updated: July 09, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sony Corporation Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sun Microsystems, Inc. Unknown

Notified:  April 16, 2007 Updated: April 25, 2007

Statement Date:   April 19, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

The SCO Group Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Trustix Secure Linux Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Turbolinux Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubuntu Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Unisys Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Watchguard Technologies, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Wind River Systems, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ZyXEL Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eSoft, Inc. Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netfilter Unknown

Notified:  April 16, 2007 Updated: April 16, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


Acknowledgements

This issue was reported by Fatih Ozavci and Caglar Cakici of Gamasec Security.

This document was written by Jeff Gennari.

Other Information

CVE IDs: None
Severity Metric: 1.76
Date Public: 2007-05-14
Date First Published: 2007-05-14
Date Last Updated: 2009-04-22 18:54 UTC
Document Revision: 24

Sponsored by CISA.