Application Defense Center

Application and Database Security Research

Imperva Security Response for VU#739224


(HTTP content scanning systems full-width/half-width Unicode encoding bypass)

Revision History

Date         Comments
5/15/2007    Initial Version

Status Summary:

Not Vulnerable

Description

The U.S. Computer Emergency Response Team (US-CERT) has reported a Web attack evasion technique using full-width and half-width Unicode characters intended to evade inspection by IDS/IPS/WAF security products.

The full US-CERT advisory is posted at the following URL: http://www.kb.cert.org/vuls/id/739224

By default, SecureSphere HTTP protocol validation will detect attempts at using this evasion technique and either block or alert according to policy.

For those users requiring use of this encoding format, Imperva released a security update via the ADC security update service on May 10, 2007. This update is available to customers with current product maintenance for SecureSphere. Interested customers should contact Imperva support (support@imperva.com) for assistance in implementing and configuring the update.
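As an added illustration (not Imperva's or SecureSphere's code), the canonicalization step a content-inspection engine needs before signature matching: full-width forms of ASCII are folded back to ASCII, the presence of that encoding is reported as an evasion indicator, and a policy flag models the two stances the advisory describes (block the encoding outright by default, or inspect only the canonical form for sites that legitimately use it). The signature regex and the sample inputs are constructed for the example.

```python
import re
from urllib.parse import unquote

# Unicode block "Halfwidth and Fullwidth Forms": code points U+FF01..U+FF5E are
# the full-width variants of ASCII U+0021..U+007E, each offset by 0xFEE0.
# U+3000 (ideographic space) is the full-width counterpart of U+0020.
_FULLWIDTH_OFFSET = 0xFEE0
_FULLWIDTH_TABLE = {cp: cp - _FULLWIDTH_OFFSET for cp in range(0xFF01, 0xFF5F)}
_FULLWIDTH_TABLE[0x3000] = 0x20

# Constructed stand-in for an inspection signature: a filter keyed on these
# ASCII metacharacters never sees their full-width forms unless it canonicalizes.
_SIGNATURE = re.compile(r"[<>'\"]|--")


def canonicalize(value: str) -> str:
    """Map every full-width ASCII variant back to its ASCII code point."""
    return value.translate(_FULLWIDTH_TABLE)


def inspect(raw_param: str) -> dict:
    """Percent-decode a parameter value (UTF-8), canonicalize it, and report
    what a naive filter and a canonicalizing filter would each conclude."""
    decoded = unquote(raw_param, encoding="utf-8", errors="replace")
    canonical = canonicalize(decoded)
    return {
        "decoded": decoded,
        "canonical": canonical,
        "fullwidth_present": canonical != decoded,            # evasion indicator
        "naive_match": bool(_SIGNATURE.search(decoded)),      # un-normalized view
        "canonical_match": bool(_SIGNATURE.search(canonical)),
    }


def verdict(raw_param: str, allow_fullwidth: bool = False) -> str:
    """Policy decision. Default: the full-width encoding itself is treated as
    an evasion attempt. With allow_fullwidth=True (sites that legitimately use
    the encoding), the decision rests on the canonical form alone."""
    r = inspect(raw_param)
    if r["fullwidth_present"] and not allow_fullwidth:
        return "block:fullwidth-encoding"
    if r["canonical_match"]:
        return "block:signature"
    return "allow"


if __name__ == "__main__":
    # Constructed samples: plain text, ASCII angle brackets, then the same
    # brackets sent as UTF-8 percent-encoded full-width U+FF1C and U+FF1E.
    for sample in ("hello", "%3Cb%3E", "%EF%BC%9Cb%EF%BC%9E"):
        print(sample, inspect(sample)["naive_match"], verdict(sample),
              verdict(sample, allow_fullwidth=True))
```

Only the U+FF01..U+FF5E range is folded here; a production engine must also decide how to treat the half-width forms in the same block and any other compatibility variants the backend server accepts.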

Disclaimer

The information within this advisory is subject to change without notice. Use of this information constitutes acceptance for use in an AS IS condition. Any use of this information is at the user’s own risk. There are no warranties, implied or expressed, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright © 2007 Imperva, Inc.
Redistribution of this alert electronically is allowed as long as it is not edited in any way. To reprint this alert, in whole or in part, in any medium other than electronic medium, contact adc@imperva.com for permission.