Multiple content security programs allow an attacker to use double slash (//) in URL to bypass URL filter

content-slash-bypass-filter (6816) The risk level is classified as MediumMedium Risk

Description:

Multiple content security programs contain a vulnerability in the URL filter which could allow a remote attacker to bypass the filter by using double slash characters (//) in a URL request. An attacker can use this vulnerability to redirect the user to an unauthorized Web server.

Platforms Affected:

  • Baltimore Technologies, WEBSweeper 4.02
  • Trend Micro, AppletTrap 2.0

Remedy:

No remedy available as of July 4, 2009.

Consequences:

Bypass Security

References:

  • eDvice Security Alert, Monday 9 July 2001, Various problems in Ternd Micro AppletTrap URL filtering at http://www.edvicesecurity.com/vul26.htm.
  • eDvice Security Alert, Tuesday 4 September 2001, Various problems in Baltimore WebSweeper URL filtering at http://www.edvicesecurity.com/vul29.htm.
  • MIMEsweeper Technote Sept. 03, 2001, MIMEsweeper / Support / Technotes / WEBsweeper and URL blacklists at http://www.mimesweeper.com/support/technotes/notes/1043.asp.
  • BID-2996: Trend Micro Interscan Applet Trap // Bypass Vulnerability
  • BID-2998: Trend Micro Interscan Applet Trap Encoding Bypass Vulnerability
  • BID-3000: Trend Micro Interscan Applet Trap 0 IP Bypass Vulnerability
  • BID-3296: Baltimore Technologies WEBsweeper Restricted Directory Disclosure Vulnerability
  • CVE-2001-1026: Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs when they are modified in certain ways such as (1) using a double slash (//) instead of a single slash, (2) URL-encoded characters, (3) requesting the IP address instead of the domain name, or (4) using a leading 0 in an octet of an IP address.
  • CVE-2001-1152: Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.

Reported:

Jul 09, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page