ID CVE-2001-0669
Summary Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL.
References
Vulnerable Configurations
  • cpe:2.3:a:cisco:catalyst_6000_intrusion_detection_system_module:*:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:secure_intrusion_detection_system:*:*:*:*:*:*:*:*
  • cpe:2.3:a:iss:realsecure_network_sensor:5.x:*:*:*:*:*:*:*
  • cpe:2.3:a:iss:realsecure_network_sensor:6.x:*:*:*:*:*:*:*
  • cpe:2.3:a:iss:realsecure_server_sensor:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:iss:realsecure_server_sensor:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:snort:snort:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:h:enterasys:dragon:4.x:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2016 - 02:11)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 3292
bugtraq 20010905 %u encoding IDS bypass vulnerability
cert-vn VU#548515
cisco 20010905 Cisco Secure Intrusion Detection System Signature Obfuscation Vulnerability
iss 20010905 Multiple Vendor IDS Unicode Bypass Vulnerability
Last major update 18-10-2016 - 02:11
Published 30-10-2001 - 05:00
Last modified 18-10-2016 - 02:11