Full-Width, Half-Width Unicode Bypasses HTTP Scanning

http://www.kb.cert.org/vuls/id/739224

757 views

Param

2 Comments Tag:

Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic. This may allow malicious HTTP traffic to bypass content scanning systems. Full-width and half-width encoding is a technique for encoding Unicode characters. Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded HTTP traffic. By sending specially-crafted HTTP traffic to a vulnerable content scanning system, an attacker may be able to bypass the content scanning system.

A remote, unauthenticated attacker may be able to bypass HTTP content scanning systems.

Email this Story to a Friend

Full-width and half-width is

Submitted by Param on Tue, 2007-05-15 18:16.

Full-width and half-width is an encoding technique for Unicode characters. Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic.

Some Open Source or Microsoft Products such as Microsoft ISS and .NET Framework properly decode this type of encoding. But most IDS/IPS/WAF products does not properly decode full-width Unicode (%uff) encoded HTTP requests for analysis, Lowercase/Uppercase conversion and character matching. By sending HTTP traffic to a vulnerable content scanning system, an attacker may be able to bypass the content scanning system.

-- [Source]

Unicode.org, Halfwidth and

Submitted by Param on Tue, 2007-05-15 18:18.

Unicode.org, Halfwidth and Fullwidth Forms - http://www.unicode.org/charts/PDF/UFF00.pdf

Full-Width, Half-Width Unicode Bypasses HTTP Scanning

Full-width and half-width is

Unicode.org, Halfwidth and

Post new comment

Similar Stories

Get Latest News in your Email

Tags

Who's online