DansGuardian filename bypass filtering

dansguardian-filename-bypass-filtering (16836) The risk level is classified as MediumMedium Risk

Description:

DansGuardian could allow a remote attacker to bypass filtering and view malicious Web content. A remote attacker could send a specially-crafted URL request for a filename containing hexadecimal URL encoded characters to bypass content filtering and view unauthorized Web content.


Consequences:

Bypass Security

Remedy:

No remedy available as of July 2004.

References:

  • BugTraq Mailing List, Thu Jul 29 2004 - 08:43:18 CDT: DansGuardian Hex Encoding URL Banned Extension Filter Bypass Vulnerability.
  • DansGuardian Web site: DansGuardian - True Web Content Filtering for All.
  • BID-10823: DansGuardian Hex Encoded File Extension URI Content Filter Bypass Vulnerability
  • CVE-2004-2065: DansGuardian 2.8 and earlier allows remote attackers to bypass the extension filtering rule via a hex encoded extension or . in the filename.
  • CVE-2004-2283: Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters via a crafted request that causes a page to be added to the clean page cache.
  • OSVDB ID: 5951: DansGuardian Force Unclean Page Filter Bypass
  • OSVDB ID: 8270: DansGuardian Hex Encoded Banned Extension Filter Bypass
  • SA12191: DansGuardian Banned Extension Filter Bypass Vulnerability
  • SECTRACK ID: 1010817: DansGuarding File Extension Filter Can Be Bypassed With Hex-Encoded URLs

Platforms Affected:

  • Daniel Barron DansGuardian 2.8

Reported:

Jul 29, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page