Check Point Advisories

IPS-1 Protection Update for WWW2 (Version 27)

Check Point Reference: CPAI-2007-201
Date Published: 29 Aug 2007
Severity: High
Last Updated: Wednesday 29 August, 2007
Source:

US-CERT Vulnerability Note VU#739224
Industry Reference:CVE-2007-2688
CVE-2007-3701
Protection Provided by:
Who is Vulnerable? All IPS-1 products with versions of WWW2 prior to version 27
Vulnerability Description

Microsoft IIS decodes Unicode character sets in a variety of ways. There is an uncommon way of creating Unicode characters in HTTP, which IIS (but no other known web servers) decode. It is in the form of percent-u-hexchar-hexchar-hexchar-hexchar.

The IPS-1 WWW2 protocol subsystem has been updated to take full advantage of the latest engine builtins to more properly handle some of the more esoteric Unicode evasion techniques (such as half-width/full-width encoding).
Vulnerability StatusN/A
Update/Patch AvaliableN/A
Vulnerability Details

Microsoft IIS decodes Unicode character sets in a variety of ways. There is an uncommon way of creating Unicode characters in HTTP, which IIS (but no other known web servers) decode. It is in the form of percent-u-hexchar-hexchar-hexchar-hexchar.

The referenced character may be within the normal ASCII character set, and would be interpreted by the IIS server as such. Various intrusion detection systems will not appropriately decode this character into its native form, permitting attacks encoded in this manner to go undetected.

So-called "half-width" and "full-width" Unicode encoding schemesare recognized in the form of %uff[hex char][hexchar].

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK