DansGuardian specially-crafted URL could allow an attacker to bypass filtering
dansguardian-url-bypass-filtering (9681)
Description:
DansGuardian could allow a remote attacker to bypass filtering and view malicious Web content. A remote attacker could send a specially crafted URL request in which specific characters are replaced by their hexadecimal URL-encoded equivalents, bypassing content filtering and viewing unauthorized Web content.
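The following added example (not DansGuardian's code and not part of this advisory) contrasts a filter that matches the raw request URL with one that canonicalizes before matching. It goes beyond the hex-encoding case by also resolving `..` segments, the issue named in CVE-2004-2282 under References. The blocklist, host names and function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed blocklist of (host, path prefix); not DansGuardian's own format.
BLOCKED = [("blocked.example", "/games")]

def naive_is_blocked(url):
    """Substring match on the raw request URL: the failure mode described above."""
    return any(host + prefix in url for host, prefix in BLOCKED)

def decode_fully(text, max_rounds=5):
    """Percent-decode until stable so double encoding (%2567 -> %67 -> g) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            return text
        text = decoded
    raise ValueError("too many encoding layers")

def canonicalize(url):
    """Return (host, path) in the single form the filter compares against."""
    parts = urlsplit(url)
    host = decode_fully(parts.hostname or "").lower().rstrip(".")
    path = decode_fully(parts.path or "/")
    # Collapse repeated slashes, then resolve "." and ".." segments.
    path = posixpath.normpath(re.sub(r"/+", "/", path))
    return host, path

def is_blocked(url):
    try:
        host, path = canonicalize(url)
    except ValueError:
        return True  # fail closed: refuse what cannot be canonicalized
    return any(host == h and (path == p or path.startswith(p + "/"))
               for h, p in BLOCKED)
```

The key property is that the rule list and the request are compared in the same canonical form, so every encoding of one resource maps to one filter decision.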
Platforms Affected:
- Daniel Barron, DansGuardian prior to 2.4.5-1
Remedy:
Upgrade to the latest version of DansGuardian (2.4.5-2 or later), available from the DansGuardian Web site. See References.
Consequences:
Bypass Security
References:
- DansGuardian Web site, DansGuardian - True Web Content Filtering for All at http://www.dansguardian.org.
- BID-5291: DansGuardian Hex Encoding URL Content Filter Bypass Vulnerability
- CVE-2002-1599: DansGuardian before 2.4.5-1 allows remote attackers to bypass content filtering rules via hex-encoded URLs.
- CVE-2004-2282: DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a .. in the request.
- OSVDB ID: 5950: DansGuardian Double Dot Filter Bypass
- US-CERT VU#940203: DansGuardian content filtering proxy fails to adequately validate user input thereby allowing user to access restricted site via hex encoded URLs
Reported:
Jul 23, 2002
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
