Описание
Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734.
Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-0515
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26308
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045899.html
- http://secunia.com/advisories/20044
- http://securitytracker.com/id?1016039
- http://securitytracker.com/id?1016040
- http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/tsd_products_security_response09186a00806824ec.html
- http://www.osvdb.org/25453
- http://www.securityfocus.com/archive/1/433270/100/0/threaded
- http://www.securityfocus.com/bid/17883
- http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt
- http://www.vupen.com/english/advisories/2006/1738
EPSS
CVE ID
Связанные уязвимости
Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734.
EPSS