Cyber Security Institute
§ Current Worries
Top 3 Worries
- Regulations
- Old Firewall Configurations
- Security Awareness
§ Listening
For the best information
- The underground
- Audible
- Executive Excellence
- Music (to keep me sane)
§ Watching
For early warnings
- 150 Security Websites
- AP Newsfeeds
- Vendors
Thursday, May 17, 2007
Traffic-Scanning Flaw Hits 90+ Vendors
It’s not every day that US-CERT warns of a flaw that is potentially so widespread that it could affect more than 90 vendors covering a huge swath of the IT industry. US-CERT’s HTTP content scanning systems full-width/half-width Unicode encoding bypass flaw could potentially be one of the most widespread networking security flaws discovered in years. If exploited, a malicious user could use the bypass to attack a vulnerable environment.
An attacker could send a malicious HTTP packet to the vulnerable content scanning system
Cisco has confirmed that its Cisco Intrusion Prevention System and Cisco IOS with Firewall/IPS Feature Set products are vulnerable to the flaw. Cisco notes in its advisory that it is not aware of any malicious use of the vulnerability. Among those US-CERT lists include: 3com, Alcatel, Avaya, D-Link Systems, Debian GNU/Linux, EMC, Fedora Project, Gentoo Linux, Hitachi, IBM, Intel, Linksys (a division of Cisco), Lucent, McAfee, Microsoft, Nokia, Nortel, Novell, Red Hat, Sony, Sun and Symantec.