Trend Micro InterScan VirusWall HTTP proxy 3.6 with the Skip scanning if Content-length equals 0 option enabled allows malicious web servers to bypass content scanning via a Content-length header set to 0, which is often ignored by HTTP clients.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Interscan_viruswall | Trend_micro | 3.6 (including) | 3.6 (including) |
| Interscan_viruswall | Trend_micro | 3.51 (including) | 3.51 (including) |
References
- http://seclists.org/lists/bugtraq/2002/Mar/0162.html
- http://www.inside-security.de/vwall_cl0.html
- http://www.iss.net/security_center/static/8425.php
- http://www.securityfocus.com/bid/4265
- http://seclists.org/lists/bugtraq/2002/Mar/0162.html
- http://www.inside-security.de/vwall_cl0.html
- http://www.iss.net/security_center/static/8425.php
- http://www.securityfocus.com/bid/4265