Check Point Web Intelligence Lets Remote Users Evade Detection With Certain Character Encodings
|
|
SecurityTracker Alert ID: 1018067
|
|
SecurityTracker URL: http://securitytracker.com/id?1018067
|
|
CVE Reference: CVE-2007-2689
(Links to External Site)
|
Date: May 16 2007
|
Impact: Host/resource access via network
|
Exploit Included: Yes
|
Description: A vulnerability was reported in Check Point Web Intelligence. A remote user can evade detection.
A remote user can encode packets using a full-width or half-width unicode character set to evade detection by the target system.
Fatih
Ozavci and Caglar Cakici of Gamasec Security discovered this vulnerability.
The original advisory is available at:
http://www.gamasec.net/english/gs07-01.html
|
Impact: A remote user can evade detection by the target system.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.checkpoint.com/ (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Linux (Red Hat Enterprise), UNIX (Solaris - SunOS), Windows (2000), Windows (2003)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 15 May 2007 23:49:41 -0400
Subject: Check Point Web Intelligence
|
http://www.gamasec.net/english/gs07-01.html
CVE-2007-2689
|
|
