CVE-2006-0515 | Vulnerability Database | Aqua Security

Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734.

Affected Software

Name	Vendor	Start Version	End Version
Adaptive_security_appliance_software	Cisco	7.0 (including)	7.0 (including)
Adaptive_security_appliance_software	Cisco	7.0(4) (including)	7.0(4) (including)
Adaptive_security_appliance_software	Cisco	7.0.1.4 (including)	7.0.1.4 (including)
Adaptive_security_appliance_software	Cisco	7.0.4.3 (including)	7.0.4.3 (including)

References

http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045899.html
http://secunia.com/advisories/20044
http://securitytracker.com/id?1016039
http://securitytracker.com/id?1016040
http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/tsd_products_security_response09186a00806824ec.html
http://www.osvdb.org/25453
http://www.securityfocus.com/archive/1/433270/100/0/threaded
http://www.securityfocus.com/bid/17883
http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt
http://www.vupen.com/english/advisories/2006/1738
https://exchange.xforce.ibmcloud.com/vulnerabilities/26308
http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045899.html
http://secunia.com/advisories/20044
http://securitytracker.com/id?1016039
http://securitytracker.com/id?1016040
http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/tsd_products_security_response09186a00806824ec.html
http://www.osvdb.org/25453
http://www.securityfocus.com/archive/1/433270/100/0/threaded
http://www.securityfocus.com/bid/17883
http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt
http://www.vupen.com/english/advisories/2006/1738
https://exchange.xforce.ibmcloud.com/vulnerabilities/26308

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-0515
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html