CVE-2006-0515

Sažetak

Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045899.html
http://secunia.com/advisories/20044
http://securitytracker.com/id?1016039
http://securitytracker.com/id?1016040
http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/tsd_products_security_response09186a00806824ec.html
http://www.osvdb.org/25453
http://www.securityfocus.com/archive/1/433270/100/0/threaded
http://www.securityfocus.com/bid/17883
http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt
http://www.vupen.com/english/advisories/2006/1738
https://exchange.xforce.ibmcloud.com/vulnerabilities/26308

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

02-07-2024 - 12:57

Objavljeno

09-05-2006 - 10:02