FortiGuard: URL Filtering Application Bypass Vulnerability Jan 03 2008 11:27PM
Danux (danuxx gmail com) (1 replies)
Re: FortiGuard: URL Filtering Application Bypass Vulnerability Jan 04 2008 07:25PM
3APA3A (3APA3A SECURITY NNOV RU)
Dear Danux,

--Friday, January 4, 2008, 2:27:58 AM, you wrote to vulnwatch (at) vulnwatch (dot) org [email concealed]:

D> 1.- HTTP Requests are terminated by the CRLF characters.
D> 2.- Forcing to talk via HTTP/1.0 version so that dont send the host header.
D> 3.- Finally, by Fragmenting the GET or POST requests

D> Macula's Analysis: If you dont have properly installed some AV, HIPS,
D> etc, through this vuln, a workstation can connect to a malicious
D> "Hacking Site" and get infected.

It must be already infected to issue request like this, because all
standard software always add Host: header and do not fragment request.

D> Also through this vuln, you can
D> connect to different porn sites without problems. And no matter if its
D> or not multi-homed web sites. So we consider its not a low risk.

O yeah.... It's great security risk. My morality may be affected.

--
~/ZARAZA http://securityvulns.com/

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus