漏洞信息详情
Trend Micro Interscan Applet陷阱域或IP绕过漏洞
- CNNVD编号:CNNVD-200107-060 <!--
- 危害等级: 高危-->
- 危害等级: 高危
- CVE编号: CVE-2001-1026
- 漏洞类型: 输入验证
- 发布时间: 2001-07-09
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: trend_micro
- 漏洞来源: on July 9, 2001.');">Discovered and pos...
-
漏洞简介
Trend Micro InterScan AppletTrap 2.0版本当它们以某些方式被改进的时候不能正确过滤URLs,这些方式包含(1)采用双斜线(/ /)代替单斜线,(2)URL编码字符,(3)要求IP地址代替域名,或(4)使用IP地址的八位字节中领先的0。
漏洞公告
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] .
参考网址
来源: XF 名称: applettrap-zero-bypass-restrictions(6819) 链接:http://xforce.iss.net/static/6819.php 来源: XF 名称: applettrap-bypass-ip-restrictions(6818) 链接:http://xforce.iss.net/static/6818.php 来源: XF 名称: applettrap-unicode-bypass-filter(6817) 链接:http://xforce.iss.net/static/6817.php 来源: XF 名称: content-slash-bypass-filter(6816) 链接:http://xforce.iss.net/static/6816.php 来源: BUGTRAQ 名称: 20010709 Various problems in Ternd Micro AppletTrap URL filtering 链接:http://archives.neohapsis.com/archives/bugtraq/2001-07/0129.html 来源: BID 名称: 3000 链接:http://www.securityfocus.com/bid/3000 来源: BID 名称: 2998 链接:http://www.securityfocus.com/bid/2998 来源: BID 名称: 2996 链接:http://www.securityfocus.com/bid/2996
受影响实体
- Trend_micro Interscan_applettrap:2.0<!--2000-1-1-->
补丁
暂无
还没有评论,来说两句吧...