Cisco PIX/ASA/FWSM using WebSense/N2H2 content filtering bypass

cisco-websense-content-filtering-bypass (26308) The risk level is classified as LowLow Risk

Description:

Cisco PIX could allow a malicious user to bypass HTTP content restrictions. By using specially-crafted fragmented HTTP GET requests, a user could bypass URL content filtering and access restricted Web sites.


Consequences:

Bypass Security

Remedy:

Refer to the "Cisco Security Response to: PIX/ASA/FWSM Websense/N2H2 Content Filter Bypass" for upgrade or workaround information. See References.

References:

  • Cisco Security Response 2006 May 08 1700 UTC (GMT): PIX/ASA/FWSM Websense/N2H2 Content Filter Bypass.
  • Full-Disclosure Mailing List, Mon May 08 2006 - 10:47:06 CDT: VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices.
  • Virtual Security Research, LLC. Security Advisory : WebSense content filter bypass when deployed in conjunction with Cisco filtering devices .
  • BID-17883: Multiple Cisco Products WebSense Content Filtering Bypass Vulnerability
  • CVE-2006-0515: Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734.
  • OSVDB ID: 25453: Cisco PIX/ASA/FWSM WebSense URL Filter Bypass
  • SA20044: Cisco PIX/ASA/FWSM WebSense URL Filtering Bypass
  • SECTRACK ID: 1016039: Cisco Firewall Service Module (FWSM) Lets Remote Users Bypass Websense Content Filtering With Fragmented Requests
  • SECTRACK ID: 1016040: Cisco PIX Firewall Lets Remote Users Bypass Websense Content Filtering With Fragmented Requests
  • VUPEN/ADV-2006-1738: Cisco PIX/ASA/FWSM WebSense/N2H2 Content Filtering Bypass Vulnerability

Platforms Affected:

  • Cisco Firewall Services Module 2.3
  • Cisco Firewall Services Module 3.1
  • Cisco PIX Firewall 2.7
  • Cisco PIX Firewall 3.0
  • Cisco PIX Firewall 3.1
  • Cisco PIX Firewall 4.0
  • Cisco PIX Firewall 4.1(6)
  • Cisco PIX Firewall 4.1(6B)
  • Cisco PIX Firewall 4.2
  • Cisco PIX Firewall 4.2(1)
  • Cisco PIX Firewall 4.2(2)
  • Cisco PIX Firewall 4.2(5)
  • Cisco PIX Firewall 4.3
  • Cisco PIX Firewall 4.4
  • Cisco PIX Firewall 4.4(4)
  • Cisco PIX Firewall 4.4(7.202)
  • Cisco PIX Firewall 4.4(8)
  • Cisco PIX Firewall 5.0
  • Cisco PIX Firewall 5.1
  • Cisco PIX Firewall 5.1(4)
  • Cisco PIX Firewall 5.1(4.206)
  • Cisco PIX Firewall 5.2
  • Cisco PIX Firewall 5.2(1)
  • Cisco PIX Firewall 5.2(2)
  • Cisco PIX Firewall 5.2(3.210)
  • Cisco PIX Firewall 5.2(5)
  • Cisco PIX Firewall 5.2(6)
  • Cisco PIX Firewall 5.2(7)
  • Cisco PIX Firewall 5.2(9)
  • Cisco PIX Firewall 5.3
  • Cisco PIX Firewall 5.3(1)
  • Cisco PIX Firewall 5.3(1.200)
  • Cisco PIX Firewall 5.3(2)
  • Cisco PIX Firewall 5.3(3)
  • Cisco PIX Firewall 6.0
  • Cisco PIX Firewall 6.0(1)
  • Cisco PIX Firewall 6.0(2)
  • Cisco PIX Firewall 6.0(3)
  • Cisco PIX Firewall 6.0(4)
  • Cisco PIX Firewall 6.0(4.101)
  • Cisco PIX Firewall 6.1
  • Cisco PIX Firewall 6.1(1)
  • Cisco PIX Firewall 6.1(2)
  • Cisco PIX Firewall 6.1(3)
  • Cisco PIX Firewall 6.1(4)
  • Cisco PIX Firewall 6.1(5)
  • Cisco PIX Firewall 6.1.5(104)
  • Cisco PIX Firewall 6.2
  • Cisco PIX Firewall 6.2(1)
  • Cisco PIX Firewall 6.2(2)
  • Cisco PIX Firewall 6.2(2.111)
  • Cisco PIX Firewall 6.2(3)
  • Cisco PIX Firewall 6.2(3.100)
  • Cisco PIX Firewall 6.2(3.110)
  • Cisco PIX Firewall 6.3
  • Cisco PIX Firewall 6.3(1)
  • Cisco PIX Firewall 6.3(2)
  • Cisco PIX Firewall 6.3(3)
  • Cisco PIX Firewall 6.3(3.102)
  • Cisco PIX Firewall 6.3(3.109)
  • Cisco PIX Firewall 6.3(3.133)
  • Cisco PIX Firewall 6.3(5)
  • Cisco PIX Firewall 525 6.3

Reported:

May 08, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page