Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18888
HistoryJan 17, 2008 - 12:00 a.m.

8e6 Technologies R3000 Internet Filter Bypass by Request Split

2008-01-1700:00:00
vulners.com
47
JSON

8e6 Technologies R3000 Internet Filter Bypass by Request Split

Product:

8e6 Technologies R3000 Internet Filter
http://www.8e6.com/network-security/internet-filtering/internet-filtering.html

The HTTP URL filtering function provided by the 8e6 Technologies R3000 Internet Filter can be bypassed
by simply splitting the HTTP request line (which contains the URI) into multiple packets.

Example:

packet 1: GE
packet 2: T / HTTP/1.0\r\n

This weakness is present regardless whether the site block is based on the DNS name or the IP address.
For circumventing blocks based solely on the DNS name it is sufficient to arrange the HTTP request so
that the request line and the Host header end up in separate packets.

Example:

packet 1: GET / HTTP/1.0
X-SomeHeader: …

packet 2: X-SomeOtherHeader: …
Host: www.blocked.com

The vulnerability has been identified in version 2.0.05.33. However, other versions may be also
affected.

Solution:
Use a filtering solution that performs an HTTP request reassembly.

Found by:
nnposter

JSON