Vulnerability CVE-2006-0515


Published: 2006-05-09   Modified: 2012-02-12

Description:
Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Cisco -> Pix firewall 
Cisco -> Firewall services module 
Cisco -> Adaptive security appliance 
Cisco -> Adaptive security appliance software 
Cisco -> Pix firewall software 

References:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045899.html
http://securitytracker.com/id?1016039
http://securitytracker.com/id?1016040
http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/tsd_products_security_response09186a00806824ec.html
http://www.securityfocus.com/archive/1/433270/100/0/threaded
http://www.securityfocus.com/bid/17883
http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt
http://www.vupen.com/english/advisories/2006/1738
https://exchange.xforce.ibmcloud.com/vulnerabilities/26308

Copyright 2024, cxsecurity.com
