All the vulnerabilites related to enterasys - dragon
var-200110-0073
Vulnerability from variot
Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL. Multiple intrusion detection systems may be circumvented via %u encoding allowing intruders to launch attacks undetected. The Microsoft IIS web server supports a non-standard method of encoding web requests. If there is no webserver support for this encoding method or if it is disabled, there will be no targets to which encoded attacks can be sent. NOTE: Only RealSecure, Dragon and Snort are confirmed vulnerable. It is highly likely that IDS systems from other vendors are vulnerable as well, however we have not recieved confirmation. This record will be updated as more information becomes available regarding affected technologies. BlackICE products detect '%u' encoded requests as being invalid, but do not decode them and detect encoded attack signatures
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200110-0073",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "realsecure network sensor",
"scope": "eq",
"trust": 1.6,
"vendor": "iss",
"version": "5.x"
},
{
"model": "dragon",
"scope": "eq",
"trust": 1.0,
"vendor": "enterasys",
"version": "4.x"
},
{
"model": "realsecure server sensor",
"scope": "eq",
"trust": 1.0,
"vendor": "iss",
"version": "5.5"
},
{
"model": "realsecure server sensor",
"scope": "eq",
"trust": 1.0,
"vendor": "iss",
"version": "6.0"
},
{
"model": "snort",
"scope": "eq",
"trust": 1.0,
"vendor": "snort",
"version": "1.8.1"
},
{
"model": "realsecure network sensor",
"scope": "eq",
"trust": 1.0,
"vendor": "iss",
"version": "6.x"
},
{
"model": "secure intrusion detection system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "catalyst 6000 intrusion detection system module",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "enterasys",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "internet security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the snort",
"version": null
},
{
"model": "project snort",
"scope": "eq",
"trust": 0.3,
"vendor": "snort",
"version": "1.8"
},
{
"model": "project snort",
"scope": "eq",
"trust": 0.3,
"vendor": "snort",
"version": "1.7"
},
{
"model": "project snort",
"scope": "eq",
"trust": 0.3,
"vendor": "snort",
"version": "1.6.3"
},
{
"model": "project snort",
"scope": "eq",
"trust": 0.3,
"vendor": "snort",
"version": "1.6.2"
},
{
"model": "project snort",
"scope": "eq",
"trust": 0.3,
"vendor": "snort",
"version": "1.6.1"
},
{
"model": "project snort",
"scope": "eq",
"trust": 0.3,
"vendor": "snort",
"version": "1.6"
},
{
"model": "project snort",
"scope": "eq",
"trust": 0.3,
"vendor": "snort",
"version": "1.5.2"
},
{
"model": "project snort",
"scope": "eq",
"trust": 0.3,
"vendor": "snort",
"version": "1.5.1"
},
{
"model": "project snort",
"scope": "eq",
"trust": 0.3,
"vendor": "snort",
"version": "1.5"
},
{
"model": "network intrusion detection",
"scope": "eq",
"trust": 0.3,
"vendor": "nfr",
"version": "5.0"
},
{
"model": "security systems realsecure server sensor win",
"scope": "eq",
"trust": 0.3,
"vendor": "internet",
"version": "6.0"
},
{
"model": "security systems realsecure server sensor win",
"scope": "eq",
"trust": 0.3,
"vendor": "internet",
"version": "5.5.2"
},
{
"model": "security systems realsecure server sensor win",
"scope": "eq",
"trust": 0.3,
"vendor": "internet",
"version": "5.5.1"
},
{
"model": "security systems realsecure server sensor win",
"scope": "eq",
"trust": 0.3,
"vendor": "internet",
"version": "5.5"
},
{
"model": "security systems realsecure server sensor win",
"scope": "eq",
"trust": 0.3,
"vendor": "internet",
"version": "5.0"
},
{
"model": "security systems realsecure network sensor",
"scope": "eq",
"trust": 0.3,
"vendor": "internet",
"version": "6.0"
},
{
"model": "security systems realsecure network sensor",
"scope": "eq",
"trust": 0.3,
"vendor": "internet",
"version": "5.5.2"
},
{
"model": "security systems realsecure network sensor",
"scope": "eq",
"trust": 0.3,
"vendor": "internet",
"version": "5.5.1"
},
{
"model": "security systems realsecure network sensor",
"scope": "eq",
"trust": 0.3,
"vendor": "internet",
"version": "5.5"
},
{
"model": "security systems realsecure network sensor",
"scope": "eq",
"trust": 0.3,
"vendor": "internet",
"version": "5.0"
},
{
"model": "dragon ids",
"scope": "eq",
"trust": 0.3,
"vendor": "enterasys",
"version": "4.0"
},
{
"model": "secure ids network sensor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "secure ids host sensor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "catalyst ids module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6000"
},
{
"model": "project snort",
"scope": "ne",
"trust": 0.3,
"vendor": "snort",
"version": "1.8.1"
},
{
"model": "security systems realsecure server sensor win",
"scope": "ne",
"trust": 0.3,
"vendor": "internet",
"version": "6.0.1"
},
{
"model": "dragon ids",
"scope": "ne",
"trust": 0.3,
"vendor": "enterasys",
"version": "5.0"
},
{
"model": "associates etrust intrusion detection",
"scope": "ne",
"trust": 0.3,
"vendor": "computer",
"version": "1.5"
},
{
"model": "associates etrust intrusion detection",
"scope": "ne",
"trust": 0.3,
"vendor": "computer",
"version": "1.4.5"
},
{
"model": "secure ids network sensor s6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#548515"
},
{
"db": "BID",
"id": "3292"
},
{
"db": "NVD",
"id": "CVE-2001-0669"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-136"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_intrusion_detection_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iss:realsecure_network_sensor:5.x:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iss:realsecure_network_sensor:6.x:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iss:realsecure_server_sensor:5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:iss:realsecure_server_sensor:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:snort:snort:1.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:catalyst_6000_intrusion_detection_system_module:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:enterasys:dragon:4.x:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0669"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Credited to \u0027hsj\u0027 as being used in proof of concept code for an unrelated vulnerability.\n\nFurther research conducted by eEye Digital Security.",
"sources": [
{
"db": "BID",
"id": "3292"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-136"
}
],
"trust": 0.9
},
"cve": "CVE-2001-0669",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-3478",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-0669",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#548515",
"trust": 0.8,
"value": "13.13"
},
{
"author": "CNNVD",
"id": "CNNVD-200110-136",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-3478",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#548515"
},
{
"db": "VULHUB",
"id": "VHN-3478"
},
{
"db": "NVD",
"id": "CVE-2001-0669"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-136"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard \"%u\" Unicode encoding of ASCII characters in the requested URL. Multiple intrusion detection systems may be circumvented via %u encoding allowing intruders to launch attacks undetected. The Microsoft IIS web server supports a non-standard method of encoding web requests. If there is no webserver support for this encoding method or if it is disabled, there will be no targets to which encoded attacks can be sent. \n**NOTE**: Only RealSecure, Dragon and Snort are confirmed vulnerable. It is highly likely that IDS systems from other vendors are vulnerable as well, however we have not recieved confirmation. This record will be updated as more information becomes available regarding affected technologies. \nBlackICE products detect \u0027%u\u0027 encoded requests as being invalid, but do not decode them and detect encoded attack signatures",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0669"
},
{
"db": "CERT/CC",
"id": "VU#548515"
},
{
"db": "BID",
"id": "3292"
},
{
"db": "VULHUB",
"id": "VHN-3478"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-3478",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3478"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "3292",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#548515",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2001-0669",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200110-136",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20010905 CISCO SECURE INTRUSION DETECTION SYSTEM SIGNATURE OBFUSCATION VULNERABILITY",
"trust": 0.6
},
{
"db": "ISS",
"id": "20010905 MULTIPLE VENDOR IDS UNICODE BYPASS VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20010905 %U ENCODING IDS BYPASS VULNERABILITY",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-74940",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "21100",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-3478",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#548515"
},
{
"db": "VULHUB",
"id": "VHN-3478"
},
{
"db": "BID",
"id": "3292"
},
{
"db": "NVD",
"id": "CVE-2001-0669"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-136"
}
]
},
"id": "VAR-200110-0073",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-3478"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:53:57.096000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0669"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.cisco.com/warp/public/707/cisco-intrusion-detection-obfuscation-vuln-pub.shtml"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/3292"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/548515"
},
{
"trust": 1.7,
"url": "http://xforce.iss.net/alerts/advise95.php"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=99972950200602\u0026w=2"
},
{
"trust": 0.8,
"url": "http://www.eeye.com/html/research/advisories/index.html"
},
{
"trust": 0.8,
"url": "http://www.iss.net/db_data/xpu/rs.php"
},
{
"trust": 0.8,
"url": "http://www.iss.net/eval/eval.php"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=99972950200602\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.enterasys.com/ids/"
},
{
"trust": 0.3,
"url": "http://www.eeye.com"
},
{
"trust": 0.3,
"url": "http://www.iss.net/securing_e-business/security_products/intrusion_detection/"
},
{
"trust": 0.3,
"url": "http://www.nfr.com/products/nid/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/cc/pd/sqsw/sqidsz/index.shtml"
},
{
"trust": 0.3,
"url": "http://www.snort.org"
},
{
"trust": 0.3,
"url": "http://www.iss.net/xforce"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=99972950200602\u0026amp;w=2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#548515"
},
{
"db": "VULHUB",
"id": "VHN-3478"
},
{
"db": "BID",
"id": "3292"
},
{
"db": "NVD",
"id": "CVE-2001-0669"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-136"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#548515"
},
{
"db": "VULHUB",
"id": "VHN-3478"
},
{
"db": "BID",
"id": "3292"
},
{
"db": "NVD",
"id": "CVE-2001-0669"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-136"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-09-07T00:00:00",
"db": "CERT/CC",
"id": "VU#548515"
},
{
"date": "2001-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-3478"
},
{
"date": "2001-09-05T00:00:00",
"db": "BID",
"id": "3292"
},
{
"date": "2001-10-30T05:00:00",
"db": "NVD",
"id": "CVE-2001-0669"
},
{
"date": "2001-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200110-136"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-10-30T00:00:00",
"db": "CERT/CC",
"id": "VU#548515"
},
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-3478"
},
{
"date": "2001-09-05T00:00:00",
"db": "BID",
"id": "3292"
},
{
"date": "2016-10-18T02:11:41.187000",
"db": "NVD",
"id": "CVE-2001-0669"
},
{
"date": "2006-08-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200110-136"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200110-136"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple intrusion detection systems may be circumvented via %u encoding",
"sources": [
{
"db": "CERT/CC",
"id": "VU#548515"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "wrong environmental conditions",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200110-136"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2001-10-30 05:00
Modified
2024-11-20 23:35
Severity ?
Summary
Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | catalyst_6000_intrusion_detection_system_module | * | |
| cisco | secure_intrusion_detection_system | * | |
| iss | realsecure_network_sensor | 5.x | |
| iss | realsecure_network_sensor | 6.x | |
| iss | realsecure_server_sensor | 5.5 | |
| iss | realsecure_server_sensor | 6.0 | |
| snort | snort | 1.8.1 | |
| enterasys | dragon | 4.x |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:catalyst_6000_intrusion_detection_system_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "670E75BE-D3CB-4BA7-BF17-F4CEFBA668D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_intrusion_detection_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77012AED-148F-422C-AB0C-DBD7BB1D3493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iss:realsecure_network_sensor:5.x:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D349D6-057D-459C-861B-FF9BE193A3D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iss:realsecure_network_sensor:6.x:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D78D55-2486-48C6-8766-D933328F585A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iss:realsecure_server_sensor:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AC67A95B-3CCF-469F-98C2-8D8C7B2E0F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iss:realsecure_server_sensor:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42507EA0-009C-466B-A4AD-F7C050682F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:snort:snort:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "12D3E0FE-0557-4B8F-A97B-1FBE6030C8CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:enterasys:dragon:4.x:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE293CA-7874-4B54-8516-AF3469A3440D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard \"%u\" Unicode encoding of ASCII characters in the requested URL."
}
],
"id": "CVE-2001-0669",
"lastModified": "2024-11-20T23:35:52.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-10-30T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=99972950200602\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-intrusion-detection-obfuscation-vuln-pub.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/548515"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3292"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/alerts/advise95.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=99972950200602\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-intrusion-detection-obfuscation-vuln-pub.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/548515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/alerts/advise95.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2001-0669
Vulnerability from cvelistv5
Published
2001-10-12 04:00
Modified
2024-08-08 04:30
Severity ?
EPSS score ?
Summary
Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/548515 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/3292 | vdb-entry, x_refsource_BID | |
| http://www.cisco.com/warp/public/707/cisco-intrusion-detection-obfuscation-vuln-pub.shtml | vendor-advisory, x_refsource_CISCO | |
| http://xforce.iss.net/alerts/advise95.php | third-party-advisory, x_refsource_ISS | |
| http://marc.info/?l=bugtraq&m=99972950200602&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:30:06.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#548515",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/548515"
},
{
"name": "3292",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3292"
},
{
"name": "20010905 Cisco Secure Intrusion Detection System Signature Obfuscation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-intrusion-detection-obfuscation-vuln-pub.shtml"
},
{
"name": "20010905 Multiple Vendor IDS Unicode Bypass Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://xforce.iss.net/alerts/advise95.php"
},
{
"name": "20010905 %u encoding IDS bypass vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=99972950200602\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard \"%u\" Unicode encoding of ASCII characters in the requested URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#548515",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/548515"
},
{
"name": "3292",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3292"
},
{
"name": "20010905 Cisco Secure Intrusion Detection System Signature Obfuscation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-intrusion-detection-obfuscation-vuln-pub.shtml"
},
{
"name": "20010905 Multiple Vendor IDS Unicode Bypass Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://xforce.iss.net/alerts/advise95.php"
},
{
"name": "20010905 %u encoding IDS bypass vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=99972950200602\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard \"%u\" Unicode encoding of ASCII characters in the requested URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#548515",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/548515"
},
{
"name": "3292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3292"
},
{
"name": "20010905 Cisco Secure Intrusion Detection System Signature Obfuscation Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-intrusion-detection-obfuscation-vuln-pub.shtml"
},
{
"name": "20010905 Multiple Vendor IDS Unicode Bypass Vulnerability",
"refsource": "ISS",
"url": "http://xforce.iss.net/alerts/advise95.php"
},
{
"name": "20010905 %u encoding IDS bypass vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=99972950200602\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0669",
"datePublished": "2001-10-12T04:00:00",
"dateReserved": "2001-08-27T00:00:00",
"dateUpdated": "2024-08-08T04:30:06.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}