The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Enterprise_firewall | Symantec | 7.0 (including) | 7.0 (including) |
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0152.html
- http://marc.info/?l=bugtraq\u0026m=104869513822233\u0026w=2
- http://marc.info/?l=ntbugtraq\u0026m=104868285106289\u0026w=2
- http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2003032507434754
- http://www.securityfocus.com/bid/7196
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0152.html
- http://marc.info/?l=bugtraq\u0026m=104869513822233\u0026w=2
- http://marc.info/?l=ntbugtraq\u0026m=104868285106289\u0026w=2
- http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2003032507434754
- http://www.securityfocus.com/bid/7196