Software Engineering Institute

Updated:  September 07, 2001

Status

Affected

Vendor Statement

Please see http://www.cisco.com/warp/public/707/cisco-intrusion-detection-obfuscation-vuln-pub.shtml

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Updated:  September 07, 2001

Status

Affected

Vendor Statement

Dragon Sensor 4.x was affected. Signatures to detect the new IIS UNICODE encoding flaw have been available, and a modification to the Web processing engine is already included in Dragon Sensor 5.0. To obtain dragon products, visit http://dragon.enterasys.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Updated:  September 07, 2001

Status

Affected

Vendor Statement

ISS X-Force has included a patch for this vulnerability in RealSecure Network Sensor X-Press Update 3.2. ISS X-Force recommends that all RealSecure customers download and install the update immediately. RealSecure X-Press Update 3.2 is now available. RealSecure Network Sensor customers can download XPU 3.2 from the following address: http://www.iss.net/db_data/xpu/RS.php
RealSecure Server Sensor version 6.0.1 includes a fix for this vulnerability. RealSecure Server Sensor 6.0.1 will be available for download on September 4, 2001. ISS X-Force recommends that all RealSecure customers upgrade their Windows Server Sensors to version 6.0.1. A patch is being developed for RealSecure Server Sensor 5.5 and will be available on or before August 31, 2001 at the ISS Download Center: http://www.iss.net/eval/eval.php.

BlackICE products are not affected by this vulnerability. Attempts to exploit this vulnerability will trigger the “HTTP URL bad hex code” signature. The next BlackICE product update will specifically address “%u” encoding."

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Updated:  September 18, 2002

Status

Affected

Vendor Statement

Snort 1.8.1 fixes this encoding bug. You can receive it from http://snort.sourcefire.com/.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.