Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2001-0669 | First vendor Publication | 2001-10-30 |
Vendor | Cve | Last vendor Modification | 2024-11-20 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0669 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 | |
Application | 2 | |
Application | 2 | |
Application | 1 | |
Hardware | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
4443 | Cisco Catalyst 6000 IDS Non-Standard Encoding HTTP Attack Evasion: The Cisco Catalyst 6000 IDS contains a flaw that may allow a malicious user to craft HTTP-based attacks that evade detection. The issue is triggered when %u encoding is used to obfuscate HTTP URLs used in attacks. It is possible that the flaw may allow HTTP-based attacks to not be detected by the IDS. |
4442 | Network Flight Recorder (NFR) Non-Standard Encoding HTTP Attack Evasion: Network Flight Recorder contains a flaw that may allow a malicious user to craft HTTP-based attacks that evade detection. The issue is triggered when %u encoding is used to obfuscate HTTP URLs used in attacks. It is possible that the flaw may allow HTTP-based attacks to not be detected by the IDS. |
4441 | Dragon Sensor Non-Standard Encoding HTTP Attack Evasion: Dragon Sensor contains a flaw that may allow a malicious user to craft HTTP-based attacks that evade detection. The issue is triggered when %u encoding is used to obfuscate HTTP URLs used in attacks. It is possible that the flaw may allow HTTP-based attacks to not be detected by the IDS. |
4440 | ISS RealSecure Server Sensor Non-Standard Encoding HTTP Attack Evasion: ISS RealSecure Server Sensor contains a flaw that may allow a malicious user to craft HTTP-based attacks that evade detection. The issue is triggered when %u encoding is used to obfuscate HTTP URLs used in attacks. It is possible that the flaw may allow HTTP-based attacks to not be detected by the IDS. |
4439 | ISS RealSecure Network Sensor Non-Standard Encoding HTTP Attack Evasion: ISS RealSecure Network Sensor contains a flaw that may allow a malicious user to craft HTTP-based attacks that evade detection. The issue is triggered when %u encoding is used to obfuscate HTTP URLs used in attacks. It is possible that the flaw may allow HTTP-based attacks to not be detected by the IDS. |
4438 | Cisco Secure IDS Non-Standard Encoding HTTP Attack Evasion: Cisco Secure IDS contains a flaw that may allow a malicious user to craft HTTP-based attacks that evade detection. The issue is triggered when %u encoding is used to obfuscate HTTP URLs used in attacks. It is possible that the flaw may allow HTTP-based attacks to not be detected by the IDS. |
4437 | Snort Non-Standard Encoding HTTP Attack Evasion: Snort contains a flaw that may allow a malicious user to craft HTTP-based attacks that evade detection. The issue is triggered when %u encoding is used to obfuscate HTTP URLs used in attacks. It is possible that the flaw may allow HTTP-based attacks to not be detected by the IDS. |
Sources (Detail)
Alert History
Date | Information |
---|---|
2024-11-28 23:24:08 | |
2024-11-28 12:04:35 | |
2021-05-04 12:01:25 | |
2021-04-22 01:01:35 | |
2020-05-23 00:14:40 | |
2016-10-18 12:00:55 | |
2013-05-11 12:04:51 | |