Short Name |
HTTP:IIS:ENCODING:UNICODE-BP |
---|---|
Severity |
Warning |
Recommended |
No |
Category |
HTTP |
Keywords |
Half-Full Width Unicode Encoding and Double Encoding Bypass |
Release Date |
2007/05/17 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signatures detects unicode encoding in HTTP requests. Some IPS do not decode unicode in HTTP requests properly. An attacker can attempt to evade the IPS by using such encoding.
Multiple products are reportedly prone to a vulnerability that may allow malicious HTTP traffic to bypass detection. Attackers may send this type of HTTP data to evade detection and perform further attacks. Cisco has stated that all IOS releases that support the Firewall/IPS feature set are affected. Although we currently have no definitive list of such versions, Symantec is investigating the matter and will update this BID's list of vulnerable systems appropriately.