Vulnerabilities > CVE-2007-2688 - Unspecified vulnerability in Cisco IOS and IPS Sensor Software

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
cisco

Summary

The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.

Oval

accepted2008-09-08T04:00:25.468-04:00
classvulnerability
contributors
nameYuzheng Zhou
organizationHewlett-Packard
descriptionThe Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.
familyios
idoval:org.mitre.oval:def:5465
statusaccepted
submitted2008-05-26T11:06:36.000-04:00
titleMultiple Vendor Full and Half Width Unicode Detection Bypass Vulnerability
version2