CVE-2006-0515
CVSS7.5
发布时间 :2006-05-09 06:02:00
修订时间 :2011-03-07 21:30:13
NMCOPS    

[原文]Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734.


[CNNVD]Cisco PIX/ASA WebSense 内容过滤绕过漏洞(CNNVD-200605-173)

        Cisco PIX是非常流行的网络防火墙,FWSM是Cisco设备上的防火墙服务模块。
        Cisco PIX和其他一些Cisco过滤设备在同Websense Enterprise集成共同处理拆分报文的方式存在漏洞,攻击者可以利用此漏洞绕过Websense的内容检查过滤。
        对于每个HTTP请求,Cisco PIX或其他Cisco设备都要将每个报文转发给Websense以判断是否应该允许该请求。但是,如果将HTTP请求拆分为两个或多个报文的话,就可能绕过过滤机制。此外,Websense没有记录使用上述碎片方式的请求,也就是没有将请求发送给Websense进行策略检查。利用这个漏洞的最简单的方式是拆分出HTTP请求的第一个字符,其他数据使用单个TCP报文(比如为每个报文设置PSH标签)。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:cisco:adaptive_security_appliance:7.0%284%29
cpe:/o:cisco:pix_firewall:4.4%287.202%29
cpe:/o:cisco:pix_firewall:6.2
cpe:/o:cisco:pix_firewall:5.0
cpe:/o:cisco:pix_firewall:3.1
cpe:/o:cisco:pix_firewall:6.2%283%29
cpe:/a:cisco:pix_firewall:6.2.3_%28110%29
cpe:/o:cisco:pix_firewall:6.3%283.102%29
cpe:/o:cisco:pix_firewall:5.1
cpe:/o:cisco:pix_firewall:6.1%282%29
cpe:/o:cisco:pix_firewall:2.7
cpe:/o:cisco:pix_firewall:5.2%283.210%29
cpe:/o:cisco:pix_firewall:5.2%289%29
cpe:/o:cisco:pix_firewall:6.3
cpe:/o:cisco:pix_firewall:6.2%283.100%29
cpe:/o:cisco:pix_firewall:6.1%284%29
cpe:/o:cisco:pix_firewall:4.3
cpe:/o:cisco:pix_firewall:5.1%284.206%29
cpe:/o:cisco:pix_firewall:6.1%281%29
cpe:/o:cisco:pix_firewall:5.3%281.200%29
cpe:/o:cisco:pix_firewall:6.2%282%29
cpe:/o:cisco:pix_firewall:5.2%282%29
cpe:/o:cisco:pix_firewall:4.4
cpe:/o:cisco:pix_firewall:5.2%285%29
cpe:/o:cisco:pix_firewall:6.2%281%29
cpe:/o:cisco:pix_firewall:6.1%283%29
cpe:/h:cisco:firewall_services_module:3.1Cisco FWSM 3.1
cpe:/o:cisco:pix_firewall:5.2%281%29
cpe:/o:cisco:pix_firewall:3.0
cpe:/o:cisco:pix_firewall:6.1
cpe:/o:cisco:pix_firewall:4.1%286%29
cpe:/o:cisco:pix_firewall:4.2%281%29
cpe:/o:cisco:pix_firewall:5.2
cpe:/o:cisco:pix_firewall:6.0%284.101%29
cpe:/o:cisco:pix_firewall:4.2
cpe:/o:cisco:adaptive_security_appliance:7.0.1.4
cpe:/o:cisco:pix_firewall:6.0%281%29
cpe:/o:cisco:pix_firewall:4.2%285%29
cpe:/o:cisco:pix_firewall:6.1.5%28104%29Cisco PIX Firewall 6.1.5 (104)
cpe:/o:cisco:pix_firewall:6.0
cpe:/o:cisco:pix_firewall:5.3
cpe:/o:cisco:pix_firewall:6.3%285%29
cpe:/o:cisco:pix_firewall:5.3%283%29
cpe:/o:cisco:pix_firewall:6.0%283%29
cpe:/o:cisco:pix_firewall:6.3%282%29
cpe:/o:cisco:pix_firewall:4.4%288%29
cpe:/o:cisco:adaptive_security_appliance:7.0
cpe:/o:cisco:pix_firewall:5.2%286%29
cpe:/h:cisco:firewall_services_module:2.3Cisco FWSM 2.3
cpe:/o:cisco:pix_firewall:6.1%285%29
cpe:/o:cisco:adaptive_security_appliance:7.0.4.3
cpe:/a:cisco:pix_firewall:6.3.3_%28133%29
cpe:/o:cisco:pix_firewall:5.1%284%29
cpe:/o:cisco:pix_firewall:6.0%284%29
cpe:/o:cisco:pix_firewall:5.3%281%29
cpe:/o:cisco:pix_firewall:5.2%287%29
cpe:/o:cisco:pix_firewall:6.3%283%29
cpe:/o:cisco:pix_firewall:6.3%283.109%29
cpe:/o:cisco:pix_firewall:4.0
cpe:/o:cisco:pix_firewall:4.4%284%29
cpe:/o:cisco:pix_firewall:6.3%281%29
cpe:/o:cisco:pix_firewall:6.0%282%29
cpe:/a:cisco:pix_firewall:6.2.2.111
cpe:/h:cisco:pix_firewall:6.3
cpe:/o:cisco:pix_firewall:5.3%282%29
cpe:/o:cisco:pix_firewall:4.1%286b%29
cpe:/o:cisco:pix_firewall:4.2%282%29

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0515
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0515
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200605-173
(官方数据源) CNNVD

- 其它链接及资源

http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt
(VENDOR_ADVISORY)  MISC  http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt
http://www.securityfocus.com/archive/1/archive/1/433270/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060508 VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices
http://www.vupen.com/english/advisories/2006/1738
(UNKNOWN)  VUPEN  ADV-2006-1738
http://www.securityfocus.com/bid/17883
(UNKNOWN)  BID  17883
http://securitytracker.com/id?1016040
(UNKNOWN)  SECTRACK  1016040
http://securitytracker.com/id?1016039
(UNKNOWN)  SECTRACK  1016039
http://secunia.com/advisories/20044
(UNKNOWN)  SECUNIA  20044
http://xforce.iss.net/xforce/xfdb/26308
(UNKNOWN)  XF  cisco-websense-content-filtering-bypass(26308)
http://www.osvdb.org/25453
(UNKNOWN)  OSVDB  25453
http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/tsd_products_security_response09186a00806824ec.html
(UNKNOWN)  CISCO  20060508 PIX/ASA/FWSM Websense/N2H2 Content Filter Bypass
http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045899.html
(UNKNOWN)  FULLDISC  20060508 VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices

- 漏洞信息

Cisco PIX/ASA WebSense 内容过滤绕过漏洞
高危 设计错误
2006-05-09 00:00:00 2006-06-23 00:00:00
远程  
        Cisco PIX是非常流行的网络防火墙,FWSM是Cisco设备上的防火墙服务模块。
        Cisco PIX和其他一些Cisco过滤设备在同Websense Enterprise集成共同处理拆分报文的方式存在漏洞,攻击者可以利用此漏洞绕过Websense的内容检查过滤。
        对于每个HTTP请求,Cisco PIX或其他Cisco设备都要将每个报文转发给Websense以判断是否应该允许该请求。但是,如果将HTTP请求拆分为两个或多个报文的话,就可能绕过过滤机制。此外,Websense没有记录使用上述碎片方式的请求,也就是没有将请求发送给Websense进行策略检查。利用这个漏洞的最简单的方式是拆分出HTTP请求的第一个字符,其他数据使用单个TCP报文(比如为每个报文设置PSH标签)。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://www.cisco.com/warp/public/707/cisco-sr-20060508-pix.shtml

- 漏洞信息 (F46313)

cisco-websense-bypass.txt (PacketStormID:F46313)
2006-05-17 00:00:00
George D. Gal  
advisory,web
cisco
CVE-2006-0515
[点击下载]

For each HTTP request the Cisco PIX or other Cisco device forwards individual packets to Websense to determine whether or not the request should be permitted. However, when splitting the HTTP request into two or more packets on the HTTP method it is possible to circumvent the filtering mechanism. Affected versions are Websense 5.5.2, Cisco PIX OS / ASA versions below 7.0.4.12, Cisco PIX OS versions below 6.3.6(112), FWSM 2.3.x, and FWSM 3.x.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

               Virtual Security Research, LLC.
                  http://www.vsecurity.com/
                      Security Advisory

-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Advisory Name: WebSense content filter bypass when deployed in   	
	       conjunction with Cisco filtering devices
 Release Date: 2006-05-08
  Application: Websense in Conjunction with Cisco PIX
      Version: Websense 5.5.2
               Cisco PIX OS / ASA < 7.0.4.12
               Cisco PIX OS < 6.3.5(112)
               FWSM 2.3.x
               FWSM 3.x
               (other versions untested)
     Severity: Low
       Author: George D. Gal <ggal_at_vsecurity.com>
Vendor Status: Vendor Notified, Fix Available
CVE Candidate: CVE-2006-0515
    Reference:
http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt
-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


Product Description:

>>From the WebSense website[1]:


 "Websense Enterprise, the industry-leading web filtering solution,
  improves employee productivity, reduces legal liability, and optimizes
  the use of IT resources. Websense Enterprise integrates seamlessly
  with leading network infrastructure products to offer unequaled
  flexibility and control."


Vulnerability Overview:

On August 9th, 2005 VSR has identified the ability to bypass the
Websense URL filtering capabilities when used in conjunction with the
Cisco PIX for web content filtering.  Shortly thereafter another
security researcher [sledge.hammer(a+t)sinhack.net] had published[2] a
proof-of-concept for evading the URL filtering performed by Websense
claiming that Websense has failed to address the issue. However, the
vulnerability has been verified by Cisco as a problem which relies
within its handling of filtered requests.


Vulnerability Details:

The vulnerability exists primarily due to the manner in which Cisco PIX
and other Cisco filtering devices handle split packets in conjunction
with Websense Enterprise integration.

For each HTTP request the Cisco PIX or other Cisco device forwards
individual packets to Websense to determine whether or not the request
should be permitted.
However, when splitting the HTTP request into two or more packets on the
HTTP method it is possible to circumvent the filtering mechanism.

Additionally, requests using this fragmented approach do not appear to
be logged within Websense indicating that the request is never sent to
Websense for policy inspection.

The simplest form required to exploit this vulnerability is to fragment
the first character of the HTTP request, followed by a single TCP packet
for subsequent data (e.g. setting the PSH flag on the individual packets).

Virtual Security Research has created a utility[3] to demonstrate the
ability to bypass Websense filtering for the affected versions of Cisco
filtering devices enumerated in this advisory header. You may download
and run this utility at your own risk from:

 http://www.vsecurity.com/tools/WebsenseBypassProxy.java

The following Snort output demonstrates the fragmented request capable
of bypassing Websense:

-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
11/04-10:06:36.260991 0:B:DB:DE:19:87 -> 0:0:C:7:AC:5 type:0x800 len:0x43
10.254.5.113:58034 -> 82.165.25.125:80 TCP TTL:64 TOS:0x0 ID:1534
IpLen:20 DgmLen:53 DF
***AP*** Seq: 0xF5B80F51  Ack: 0x21D6E47  Win: 0x8040  TcpLen: 32
TCP Options (3) => NOP NOP TS: 148674 160066961
47                                               G

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

11/04-10:06:36.359288 0:30:7B:93:19:4C -> 0:B:DB:DE:19:87 type:0x800
len:0x42
82.165.25.125:80 -> 10.254.5.113:58034 TCP TTL:49 TOS:0x0 ID:36972
IpLen:20 DgmLen:52 DF
***A**** Seq: 0x21D6E47  Ack: 0xF5B80F52  Win: 0x16A0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 160066973 148674

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

11/04-10:06:36.359387 0:B:DB:DE:19:87 -> 0:0:C:7:AC:5 type:0x800 len:0x185
10.254.5.113:58034 -> 82.165.25.125:80 TCP TTL:64 TOS:0x0 ID:1535
IpLen:20 DgmLen:375 DF
***AP*** Seq: 0xF5B80F52  Ack: 0x21D6E47  Win: 0x8040  TcpLen: 32
TCP Options (3) => NOP NOP TS: 148683 160066973
45 54 20 2F 66 61 76 69 63 6F 6E 2E 69 63 6F 20  ET /favicon.ico
48 54 54 50 2F 31 2E 31 0D 0A 48 6F 73 74 3A 20  HTTP/1.1..Host:
77 77 77 2E 70 68 72 61 63 6B 2E 6F 72 67 0D 0A  www.phrack.org..
55 73 65 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A 69  User-Agent: Mozi
6C 6C 61 2F 35 2E 30 20 28 58 31 31 3B 20 55 3B  lla/5.0 (X11; U;
20 46 72 65 65 42 53 44 20 69 33 38 36 3B 20 65   FreeBSD i386; e
6E 2D 55 53 3B 20 72 76 3A 31 2E 37 2E 39 29 20  n-US; rv:1.7.9)
47 65 63 6B 6F 2F 32 30 30 35 30 37 31 38 20 46  Gecko/20050718 F
69 72 65 66 6F 78 2F 31 2E 30 2E 35 0D 0A 41 63  irefox/1.0.5..Ac
63 65 70 74 3A 20 69 6D 61 67 65 2F 70 6E 67 2C  cept: image/png,
2A 2F 2A 3B 71 3D 30 2E 35 0D 0A 41 63 63 65 70  */*;q=0.5..Accep
74 2D 4C 61 6E 67 75 61 67 65 3A 20 65 6E 2D 75  t-Language: en-u
73 2C 65 6E 3B 71 3D 30 2E 35 0D 0A 41 63 63 65  s,en;q=0.5..Acce
70 74 2D 45 6E 63 6F 64 69 6E 67 3A 20 67 7A 69  pt-Encoding: gzi
70 2C 64 65 66 6C 61 74 65 0D 0A 41 63 63 65 70  p,deflate..Accep
74 2D 43 68 61 72 73 65 74 3A 20 49 53 4F 2D 38  t-Charset: ISO-8
38 35 39 2D 31 2C 75 74 66 2D 38 3B 71 3D 30 2E  859-1,utf-8;q=0.
37 2C 2A 3B 71 3D 30 2E 37 0D 0A 4B 65 65 70 2D  7,*;q=0.7..Keep-
41 6C 69 76 65 3A 20 63 6C 6F 73 65 0D 0A 43 6F  Alive: close..Co
6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D  nnection: close.
0A 0D 0A                                         ...

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

11/04-10:06:36.458004 0:30:7B:93:19:4C -> 0:B:DB:DE:19:87 type:0x800
len:0x42
82.165.25.125:80 -> 10.254.5.113:58034 TCP TTL:49 TOS:0x0 ID:55157
IpLen:20 DgmLen:52 DF
***A**** Seq: 0x21D6E47  Ack: 0xF5B81095  Win: 0x1920  TcpLen: 32
TCP Options (3) => NOP NOP TS: 160066982 148683

-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-



Vendor Response:

WebSense and Cisco were first notified on 2005-11-04. While no responses
or acknowledgments were received from Websense the following time line
outlines the responses from Cisco regarding this issue:

 2005-11-04 - Acknowledgment of security notification
 2005-12-02 - Subsequent follow-up and response from Cisco to determine
	      cause of observed behavior
 2006-01-04 - Subsequent follow-up and response from Cisco acknowledging
	      issue is being addressed by development teams
 2006-01-30 - Estimated release of PIX code for 7.0.4 release is
	      2/20/2006
 2006-02-17 - Notified by Cisco that fix will not make estimated
  	      delivery date due to regression issues, new release data
	      of 3/20/2006 provided
 2006-03-06 - Status update from vendor on new date, targets on track 	
	      for 7.0 PIX OS release
 2006-03-13 - Confirmation from Cisco on 3/20 code release
 2006-03-17 - Communications from Cisco notifying VSR of other potential
	      products affected (FWSM).
 2006-03-24 - Communications received from Cisco acknowledging
	      communication with FWSM team
 2006-04-04 - Communication received from Cisco acknowledging FWSM
	      vulnerability
 2006-04-07 - Communications from Cisco confirming fixes for FWSM 2.3.x
	      and 3.x PSIRT awaiting release date for code
 2006-04-14 - Communications from Cisco providing coordination details
	      with FWSM team
 2006-04-18 - Communications from Cisco providing build details
	      incorporating fixes for FWSM products
 2006-04-26 - Communications from Cisco providing details and update on
	      FWSM testing and release availability; coordination for
	      advisory release
 2006-05-04 - Communications from Cisco for advisory release
	      coordination

Recommendation:

Cisco PIX/ASA and FWSM customers should apply the latest upgrades from
vendor:

   PIX OS 7.0.x upgrade is:
	7.0.4.12

    available at:
	http://www.cisco.com/cgi-bin/tablebuild.pl/pix-interim
	http://www.cisco.com/cgi-bin/tablebuild.pl/asa-interim


   PIX OS 6.3 upgrade is:
	6.3.5(112)

    available by customer request via the Cisco TAC


   FWSM 2.3.x upgrade is:
	2.3(4)

    available at:
	http://www.cisco.com/cgi-bin/tablebuild.pl/cat6000-fwsm

   FWSM 3.x upgrade is:
	3.1(1.7)

    available by customer request via the Cisco TAC



-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues.  These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.

  CVE-2006-0515

-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

References:

1.  WebSense Enterprise
    http://www.websense.com/global/en/ProductsServices/WebsenseEnterprise/

2.  Sinhack.net URL Filtering Evasion
    http://sinhack.net/URLFilteringEvasion/

3.  Proof-of-Concept WebSense Bypass utility
    http://www.vsecurity.com/tools/WebsenseBypassProxy.java

-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Vulnerability Disclosure Policy:

http://www.vsecurity.com/disclosurepolicy.html

-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Copyright 2006 Virtual Security Research, LLC. All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFEX2nxTY6Rj3GeBOoRAucJAKCM5Bvtn/hyuDSC/87eLEIPDLZmSgCffMYc
zVXMT1rLZxcJ0PDF4qWjlDQ=
=LrNn
-----END PGP SIGNATURE-----
    

- 漏洞信息

25453
Cisco PIX/ASA/FWSM WebSense URL Filter Bypass
Remote / Network Access Input Manipulation
Loss of Integrity Upgrade
Exploit Public Vendor Verified

- 漏洞描述

Cisco PIX, ASA and FWSM products contain a flaw that may allow a malicious user to bypass Internet content filtering. The issue is triggered when a fragmented HTTP request is sent by the attacker, and the request is not forwarded to a Websense server for evaluation. It is possible that the flaw may allow circumvention of an access control resulting in a loss of integrity.

- 时间线

2006-05-08 2005-08-09
2006-05-08 Unknow

- 解决方案

Upgrade to PIX version 7.0(5), 7.1(2), 6.3.5(112) or higher, ASA version 7.0(5) or higher, FWSM version 2.3(4), 3.1(1.7) or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. PIX version 6.3.5(112) and FWSM version 3.1(1.7) are available only through the Cisco Technical Assistance Center, in reference to this security advisory.

- 相关参考

- 漏洞作者

- 漏洞信息

Multiple Cisco Products WebSense Content Filtering Bypass Vulnerability
Design Error 17883
Yes No
2006-05-08 12:00:00 2006-05-09 09:09:00
Discovered by George D. Gal <ggal@vsecurity.com>.

- 受影响的程序版本

Cisco PIX/ASA 7.0.4 .3
Cisco PIX/ASA 7.0.4
Cisco PIX/ASA 7.0.1 .4
Cisco PIX/ASA 7.0
Cisco PIX Firewall 525 6.3
Cisco PIX Firewall 6.3.3 (133)
Cisco PIX Firewall 6.3.2
Cisco PIX Firewall 6.3.1
Cisco PIX Firewall 6.3 (5)
Cisco PIX Firewall 6.3 (3.109)
Cisco PIX Firewall 6.3 (3.102)
Cisco PIX Firewall 6.3 (3)
Cisco PIX Firewall 6.3 (1)
Cisco PIX Firewall 6.3
Cisco PIX Firewall 6.2.3 (110)
Cisco PIX Firewall 6.2.3
Cisco PIX Firewall 6.2.2 .111
Cisco PIX Firewall 6.2.2
Cisco PIX Firewall 6.2.1
Cisco PIX Firewall 6.2 (3.100)
Cisco PIX Firewall 6.2 (3)
Cisco PIX Firewall 6.2 (2)
Cisco PIX Firewall 6.2 (1)
Cisco PIX Firewall 6.2
Cisco PIX Firewall 6.1.5 (104)
Cisco PIX Firewall 6.1.5
Cisco PIX Firewall 6.1.4
Cisco PIX Firewall 6.1.3
Cisco PIX Firewall 6.1 (5)
Cisco PIX Firewall 6.1 (4)
Cisco PIX Firewall 6.1 (3)
Cisco PIX Firewall 6.1 (2)
Cisco PIX Firewall 6.1 (1)
Cisco PIX Firewall 6.1
+ Cisco PIX Firewall 515
+ Cisco PIX Firewall 520
Cisco PIX Firewall 6.0.4
Cisco PIX Firewall 6.0.3
Cisco PIX Firewall 6.0 (4.101)
Cisco PIX Firewall 6.0 (4)
Cisco PIX Firewall 6.0 (2)
Cisco PIX Firewall 6.0 (1)
Cisco PIX Firewall 6.0
+ Cisco PIX Firewall 515
+ Cisco PIX Firewall 520
Cisco PIX Firewall 5.3 (3)
Cisco PIX Firewall 5.3 (2)
Cisco PIX Firewall 5.3 (1.200)
Cisco PIX Firewall 5.3 (1)
Cisco PIX Firewall 5.3
+ Cisco PIX Firewall 515
+ Cisco PIX Firewall 520
Cisco PIX Firewall 5.2 (9)
Cisco PIX Firewall 5.2 (7)
Cisco PIX Firewall 5.2 (6)
Cisco PIX Firewall 5.2 (5)
Cisco PIX Firewall 5.2 (3.210)
Cisco PIX Firewall 5.2 (2)
Cisco PIX Firewall 5.2 (1)
Cisco PIX Firewall 5.2
Cisco PIX Firewall 5.1.4
Cisco PIX Firewall 5.1 (4.206)
Cisco PIX Firewall 5.1
+ Cisco PIX Firewall 515
+ Cisco PIX Firewall 520
Cisco PIX Firewall 5.0
+ Cisco PIX Firewall 515
+ Cisco PIX Firewall 520
Cisco PIX Firewall 4.4 (8)
Cisco PIX Firewall 4.4 (7.202)
Cisco PIX Firewall 4.4 (4)
Cisco PIX Firewall 4.4
Cisco PIX Firewall 4.3
Cisco PIX Firewall 4.2.2
Cisco PIX Firewall 4.2.1
Cisco PIX Firewall 4.2 (5)
Cisco PIX Firewall 4.2
Cisco PIX Firewall 4.1.6 b
Cisco PIX Firewall 4.1.6
Cisco PIX Firewall 4.0
Cisco PIX Firewall 3.1
Cisco PIX Firewall 3.0
Cisco PIX Firewall 2.7
Cisco Gigabit Switch Router 6.1 del
Cisco Firewall Services Module (FWSM) 3.1
Cisco Firewall Services Module (FWSM) 2.3
Cisco PIX/ASA 7.1(2)
Cisco PIX/ASA 7.0(5)
Cisco PIX Firewall 6.3.5 (112)
Cisco Firewall Services Module (FWSM) 3.1(1.7)
Cisco Firewall Services Module (FWSM) 2.3(4)

- 不受影响的程序版本

Cisco PIX/ASA 7.1(2)
Cisco PIX/ASA 7.0(5)
Cisco PIX Firewall 6.3.5 (112)
Cisco Firewall Services Module (FWSM) 3.1(1.7)
Cisco Firewall Services Module (FWSM) 2.3(4)

- 漏洞讨论

Multiple Cisco products are susceptible to a content-filtering bypass vulnerability. This issue is due to a failure of the software to properly recognize HTTP request traffic.

This issue allows users to bypass content-filtering and access forbidden websites.

Cisco is tracking this issue as Bug IDs CSCsc67612, CSCsc68472, and CSCsd81734.http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsd81734

- 漏洞利用

Attackers can use standard network utilities to exploit this issue.

The following Java application may be used to demonstrate this issue:

- 解决方案

The vendor has released an advisory, along with fixes to address this issue. Please see the referenced advisory for further information on obtaining fixes.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站