GS07-01 Full-Width and Half-Width Unicode Encoding IDS/IPS/WAF Bypass
Date & Version : 04/14/2007 - 1.0
Various HTTP content scanning systems fail to properly scan
full-width/half-width Unicode encoded traffic. This may allow malicious
content to bypass HTTP content scanning systems.
HTTP Content Scanning Systems have a pre-processor to decode various
forms of HTTP encoded requests such as UTF encoding for attack signature
analysis. Full-width and half-width is an encoding technique for Unicode
characters. Various HTTP content scanning systems fail to properly scan
full-width/half-width Unicode encoded traffic.
Some Open Source or Microsoft Products such as Microsoft ISS and .NET
Framework properly decode this type of encoding. But most IDS/IPS/WAF
products does not properly decode full-width Unicode (%uff) encoded HTTP
requests for analysis, Lowercase/Uppercase conversion and character
matching. By sending HTTP traffic to a vulnerable content scanning
system, an attacker may be able to bypass the content scanning system.
Risk Level : High
Impact : Security Bypass
Systems Affected :
Checkpoint Web Intelligence (Confirmed)
IBM ISS Proventia Series (Confirmed)
Full List of Vendors : (CERT - Vulnerability Note VU#739224) 
Contact your vendor for a hotfix, patch or advanced configuration.
Fatih Ozavci (GamaTEAM Member)
Caglar Cakici (GamaTEAM Member)
It's detected using GamaSEC Exploit Framework
GamaSEC Information Security Audit and Consulting Services
Original Advisory Link :
1. CERT - Vulnerability Note VU#739224
2. Unicode Home Page
3. Unicode.org, Halfwidth and Fullwidth Forms
IT Security Consultant