Vulnerabilities > CVE-2007-2688 - Unspecified vulnerability in Cisco IOS and IPS Sensor Software
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.
Vulnerable Configurations
Oval
accepted | 2008-09-08T04:00:25.468-04:00 | ||||
class | vulnerability | ||||
contributors |
| ||||
description | The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | ||||
family | ios | ||||
id | oval:org.mitre.oval:def:5465 | ||||
status | accepted | ||||
submitted | 2008-05-26T11:06:36.000-04:00 | ||||
title | Multiple Vendor Full and Half Width Unicode Detection Bypass Vulnerability | ||||
version | 2 |
References
- http://secunia.com/advisories/25285
- http://www.cisco.com/en/US/products/products_security_response09186a008083f82e.html
- http://www.gamasec.net/english/gs07-01.html
- http://www.kb.cert.org/vuls/id/739224
- http://www.osvdb.org/35336
- http://www.securityfocus.com/archive/1/468633/100/0/threaded
- http://www.securityfocus.com/bid/23980
- http://www.securitytracker.com/id?1018053
- http://www.securitytracker.com/id?1018054
- http://www.vupen.com/english/advisories/2007/1803
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34277
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5465