Vulnerability Name:

CVE-2007-3570 (CCN-34277)

Assigned:2007-05-14
Published:2007-05-14
Updated:2011-03-08
Summary:The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: BugTraq Mailing List, Tue May 15 2007 - 01:36:24 CDT
GS07-01 Full-Width and Half-Width Unicode Encoding IDS/IPS/WAF Bypass Vulnerability

Source: MITRE
Type: CNA
CVE-2007-2688

Source: MITRE
Type: CNA
CVE-2007-2689

Source: MITRE
Type: CNA
CVE-2007-2690

Source: MITRE
Type: CNA
CVE-2007-2734

Source: MITRE
Type: CNA
CVE-2007-3570

Source: MITRE
Type: CNA
CVE-2007-5793

Source: CCN
Type: Salesforce Web site
Imperva Security Response for VU#739224

Source: CCN
Type: SA25285
Cisco Products HTTP Unicode Encoding Detection Bypass

Source: CCN
Type: SA25302
3Com TippingPoint IPS HTTP Unicode Encoding Detection Bypass

Source: CCN
Type: SA26692
Novell iChain HTTP Unicode Encoding Detection Bypass

Source: CCN
Type: SA26695
Novell Access Manager HTTP Unicode Encoding Detection Bypass

Source: CCN
Type: SA26698
Novell BorderManager Unicode Encoding Detection Bypass

Source: CCN
Type: SA27455
Stonesoft StoneGate IPS HTTP Unicode Encoding Detection Bypass

Source: CCN
Type: SECTRACK ID: 1018053
Cisco IOS Firewall/IPS Feature Set Lets Remote Users Evade Detection With Certain Character Encodings

Source: CCN
Type: SECTRACK ID: 1018054
Cisco Intrusion Prevention System Lets Remote Users Evade Detection With Certain Character Encodings

Source: CCN
Type: SECTRACK ID: 1018067
Check Point Web Intelligence Lets Remote Users Evade Detection With Certain Character Encodings

Source: CCN
Type: SECTRACK ID: 1018068
Proventia Lets Remote Users Evade Detection With Certain Character Encodings

Source: CCN
Type: 3COM-07-001
TippingPoint™ IPS Unicode Evasion

Source: CCN
Type: cisco-sr-20070514-unicode
Cisco Security Response: HTTP Full-Width and Half-Width Unicode Encoding Evasion

Source: CCN
Type: GamaLAB Security Advisory GS07-01
Full-Width and Half-Width Unicode Encoding IDS/IPS/WAF Bypass Vulnerability

Source: CCN
Type: US-CERT VU#739224
HTTP content scanning systems full-width/half-width Unicode encoding bypass

Source: CCN
Type: Stonesoft Information for VU#739224
Stonesoft StoneGate IPS unicode bypass

Source: CCN
Type: Novell Web site, June 28, 2007
Novell Access Manager 3.0 SP1 Release Candidate 1 Readme

Source: CONFIRM
Type: UNKNOWN
http://www.novell.com/documentation/novellaccessmanager/readme/accessmanager_readme.html#ban5hsz

Source: CCN
Type: OSVDB ID: 35336
Cisco Multiple Products HTTP Unicode Encoding Detection Bypass

Source: CCN
Type: OSVDB ID: 35968
3Com TippingPoint IPS HTTP Unicode Encoding Detection Bypass

Source: CCN
Type: OSVDB ID: 37322
Novell Multiple Security Product Unicode Encoded Traffic Detection Bypass

Source: CCN
Type: OSVDB ID: 40627
StoneGate IPS HTTP Unicode Encoded Data Remote Detection Bypass

Source: CCN
Type: OSVDB ID: 45743
Novell Access Manager Linux Access Gateway POST Request Fullwidth/Halfwidth Unicode Encoded Data Bypass

Source: CCN
Type: OSVDB ID: 56534
Check Point Web Intelligence Unicode Character Encoding Handling HTTP Traffic Detection Bypass

Source: CCN
Type: OSVDB ID: 58659
IBM ISS Proventia Multiple Products Unicode Character Encoding Handling HTTP Traffic Detection Bypass

Source: CCN
Type: BID-23980
Multiple Products Full/Half Width Unicode Detection Evasion Vulnerability

Source: CCN
Type: BID-25568
Multiple Novell Content Scanning Systems Full-Width/Half-Width Unicode Scan Bypass Vulnerability

Source: CCN
Type: Stonesoft Web site
IPS Software Solutions

Source: VUPEN
Type: UNKNOWN
ADV-2007-2390

Source: VUPEN
Type: UNKNOWN
ADV-2007-3075

Source: XF
Type: UNKNOWN
multiple-scanengine-unicode-security-bypass(34277)

Source: CCN
Type: McAfee Security Bulletin 612970
IntruShield signature prevents published full/half width Unicode character obfuscation technique

Source: CCN
Type: Novell Security Alert Document ID: 3193302
Security concerns scanning full-width/half-width Unicode encoded traffic

Source: CONFIRM
Type: UNKNOWN
https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:novell:access_manager:3:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:cisco:ios:12.0:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.1t:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.1e:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:11.1cc:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.0s:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.0t:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.0st:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.1:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.2t:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.2:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:11.3:*:*:*:*:*:*:*
  • OR cpe:/a:checkpoint:web_intelligence:-:*:*:*:*:*:*:*
  • OR cpe:/a:novell:bordermanager:3.8:*:*:*:*:*:*:*
  • OR cpe:/a:novell:ichain:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:imperva:securesphere_mx_management_server:5.0:*:*:*:*:*:*:*
  • OR cpe:/h:3com:3crtpx505-73:-:*:*:*:*:*:*:*
  • OR cpe:/h:3com:3crx506-96:-:*:*:*:*:*:*:*
  • OR cpe:/a:novell:access_manager:3:*:*:*:*:*:*:*
  • OR cpe:/h:3com:tippingpoint_200:*:*:*:*:*:*:*:*
  • OR cpe:/h:3com:tippingpoint_200e:*:*:*:*:*:*:*:*
  • OR cpe:/h:3com:tippingpoint_2400e:*:*:*:*:*:*:*:*
  • OR cpe:/h:3com:tippingpoint_50:*:*:*:*:*:*:*:*
  • OR cpe:/h:3com:tippingpoint_5000e:*:*:*:*:*:*:*:*
  • OR cpe:/h:3com:tippingpoint_600e:*:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:10.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    novell access manager 3
    cisco ios 12.0
    cisco ios 12.1t
    cisco ios 12.1e
    cisco ios 11.1cc
    cisco ios 12.0s
    cisco ios 12.0t
    cisco ios 12.0st
    cisco ios 12.1
    cisco ios 12.2t
    cisco ios 12.2
    cisco ios 11.3
    checkpoint web intelligence -
    novell bordermanager 3.8
    novell ichain 2.3
    imperva securesphere mx management server 5.0
    3com 3crtpx505-73 -
    3com 3crx506-96 -
    novell access manager 3
    3com tippingpoint 200 *
    3com tippingpoint 200e *
    3com tippingpoint 2400e *
    3com tippingpoint 50 *
    3com tippingpoint 5000e *
    3com tippingpoint 600e *
    cisco ios 10.0