PT-2003-1370 · Symantec · Symantec Enterprise Firewall

Martin Oneal

Published

2003-03-27

Updated

2016-10-18

CVE-2003-0106

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Symantec Enterprise Firewall (SEF) version 7.0

Description The issue concerns the HTTP proxy component, which fails to properly apply pattern matching rules for blocked URLs when requests utilize URL encoding with escapes, Unicode, or UTF-8. This allows proxy users to bypass restrictions.

Recommendations For Symantec Enterprise Firewall (SEF) version 7.0, consider disabling the HTTP proxy feature until a fix is available to prevent users from bypassing URL restrictions.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-0106

Affected Products

Symantec Enterprise Firewall

PT-2003-1370 · Symantec · Symantec Enterprise Firewall

CVE-2003-0106

Related Identifiers

Affected Products

References · 6