PT-2001-1856 · Cisco+4 · Cisco Catalyst 6000 Intrusion Detection System Module+6

Published: 2001-10-12 · Updated: 2016-10-18 · CVE-2001-0669

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Cisco Secure Intrusion Detection System (affected versions not specified)
Cisco Catalyst 6000 Intrusion Detection System Module (affected versions not specified)
Dragon Sensor versions 4.x
Snort versions prior to 1.8.1
ISS RealSecure Network Sensor versions 5.x and 6.x before XPU 3.2
ISS RealSecure Server Sensor versions 5.5 and 6.0 for Windows
Description: The issue allows remote attackers to evade detection of HTTP attacks by using non-standard "%u" Unicode encoding of ASCII characters in the requested URL. This could potentially lead to undetected malicious activity.
Recommendations:
For Cisco Secure Intrusion Detection System, update the system to detect non-standard "%u" Unicode encoding.
For Cisco Catalyst 6000 Intrusion Detection System Module, update the module to detect non-standard "%u" Unicode encoding.
For Dragon Sensor versions 4.x, consider upgrading to a version that detects non-standard "%u" Unicode encoding.
For Snort versions prior to 1.8.1, update to version 1.8.1 or later.
For ISS RealSecure Network Sensor versions 5.x and 6.x, apply XPU 3.2 or later.
For ISS RealSecure Server Sensor versions 5.5 and 6.0 for Windows, consider restricting access to the sensor until a fix is available.
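
The detection gap described above, shown from the sensor side as an added example (not code from this advisory or from any of the listed products): a matcher that decodes only standard %XX escapes misses a name written with "%u" escapes, while one that normalizes both forms matches it and also reports the non-standard encoding. The signature string, function names and request paths are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed signature for illustration; not a rule from any product on this page.
SIGNATURES = ["blocked.cgi"]

# One pass over both escape forms, so decoded output is never decoded a second time.
# %uXXXX carries four hex digits (a UTF-16 code unit); %XX carries one byte.
_ESCAPE = re.compile(r"%(?:u([0-9a-fA-F]{4})|([0-9a-fA-F]{2}))")


def normalize_url(url):
    """Return (decoded_url, used_pct_u) after decoding one layer of escapes."""
    used_pct_u = False

    def decode(match):
        nonlocal used_pct_u
        if match.group(1) is not None:
            used_pct_u = True
            return chr(int(match.group(1), 16))
        return chr(int(match.group(2), 16))

    return _ESCAPE.sub(decode, url), used_pct_u


def naive_inspect(url):
    """Sensor that only understands standard %XX escapes (the evaded behaviour)."""
    decoded = unquote(url).lower()
    return ["signature:" + s for s in SIGNATURES if s in decoded]


def inspect(url):
    """Sensor that normalizes %uXXXX too and reports its use as an anomaly."""
    decoded, used_pct_u = normalize_url(url)
    alerts = ["nonstandard-%u-encoding"] if used_pct_u else []
    alerts += ["signature:" + s for s in SIGNATURES if s in decoded.lower()]
    return alerts


if __name__ == "__main__":
    # Constructed request paths: plain, %XX-escaped, and %u-escaped forms of one name.
    for path in ["/scripts/blocked.cgi", "/scripts/%62locked.cgi",
                 "/scripts/%u0062locked.cgi", "/index.html"]:
        print(path, naive_inspect(path), inspect(path))
```

Alerting on the presence of "%u" itself is useful independently of any signature, since standard clients do not produce this encoding.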


Related identifiers

CVE-2001-0669

Affected products

Cisco Catalyst 6000 Intrusion Detection System Module
Cisco Secure Intrusion Detection System
Dragon Sensor
ISS RealSecure Network Sensor
RealSecure Server Sensor
Snort
Windows