Cisco Firewall Services Module (FWSM) Lets Remote Users Bypass Websense Content Filtering With Fragmented Requests
SecurityTracker Alert ID: 1016039
SecurityTracker URL: http://securitytracker.com/id/1016039
CVE Reference: CVE-2006-0515
Date: May 8 2006
Impact: Host/resource access via network
Fix Available: Yes
Vendor Confirmed: Yes
Exploit Included: Yes
Version(s): prior to 2.3(4); 3.x prior to 3.1(1.7)
Description:
A vulnerability was reported in Cisco Firewall Services Module when used with the Websense content filter. A remote user can access restricted web sites.
A remote user can send an HTTP GET request that is fragmented into multiple packets to cause the target firewall device to incorrectly allow the remote user to access the requested web site.
The Cisco PIX firewall is also affected.
Cisco has assigned Cisco Bug IDs CSCsc67612, CSCsc68472, and CSCsd81734 to this vulnerability.
George Gal of Virtual Security Research reported this vulnerability.
The vendor was notified on November 4, 2005.
A demonstration exploit is available at:
http://www.vsecurity.com/tools/WebsenseBypassProxy.java
The original advisory is available at:
http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt
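The fragmented request described above, seen from the filtering side, as an added example (not code from the advisory, the reporter or the vendor): the URL decision has to be made on the reassembled stream, and requests that were not complete in their first segment can be flagged for review. It assumes "fragmented" means the request is split across TCP segments; the flow records, addresses and host names are constructed.

```python
from collections import defaultdict

# Constructed sample: (flow, tcp_seq, payload) for client-to-server segments.
# Flow B is split across three segments and captured out of order.
FLOW_A = "10.0.0.5:40001>192.0.2.10:80"
FLOW_B = "10.0.0.7:40002>192.0.2.20:80"
SEGMENTS = [
    (FLOW_A, 1, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    (FLOW_B, 1, b"GE"),
    (FLOW_B, 31, b"st: restricted.example\r\n\r\n"),
    (FLOW_B, 3, b"T /blocked/page HTTP/1.1\r\nHo"),
]

def reassemble(segments):
    """Group payloads per flow, ordered by sequence number."""
    flows = defaultdict(list)
    for flow, seq, payload in segments:
        flows[flow].append((seq, payload))
    return {f: [p for _, p in sorted(parts)] for f, parts in flows.items()}

def parse_request(stream):
    """Return (method, target, host) for a complete request head, else None."""
    head, sep, _ = stream.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return None
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
    return parts[0], parts[1], host

def audit(segments):
    """Per flow: the reassembled request and whether it was split."""
    report = {}
    for flow, payloads in reassemble(segments).items():
        full = parse_request(b"".join(payloads))
        report[flow] = {
            "request": full,  # what a URL filter should evaluate
            "segments": len(payloads),
            "split_request": full is not None and parse_request(payloads[0]) != full,
        }
    return report
```

Calling `audit(SEGMENTS)` returns one entry per flow; a flow with `split_request` set is one where a filter that inspects only the first segment would not have seen the full request line.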
Impact:
A remote user can access restricted web sites.
Solution:
The vendor has issued fixed versions of PIX: 6.3.5(112) and later, 7.0(5), and 7.1(2).
The vendor has issued fixed versions of FWSM: 2.3(4) and 3.1(1.7) and later.
The Cisco advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sr-20060508-pix.shtml
Vendor URL: www.cisco.com/warp/public/707/cisco-sr-20060508-pix.shtml
Cause:
Access control error
Underlying OS:
Message History:
None.
Source Message Contents
Date: Mon, 8 May 2006 14:08:31 -0400
Subject: Cisco Firewall Services Module (FWSM)
http://www.cisco.com/warp/public/707/cisco-sr-20060508-pix.shtml
CVE-2006-0515