Trend Micro Interscan Applet陷阱域或IP绕过漏洞

漏洞信息详情

Trend Micro Interscan Applet陷阱域或IP绕过漏洞

• CNNVD编号：CNNVD-200107-060
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2001-1026
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2001-07-09
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  trend_micro
• 漏洞来源：
  Discovered and pos…

Trend Micro InterScan AppletTrap 2.0版本当它们以某些方式被改进的时候不能正确过滤URLs，这些方式包含（1）采用双斜线（/ /）代替单斜线，（2）URL编码字符，（3）要求IP地址代替域名，或（4）使用IP地址的八位字节中领先的0。

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
@securityfocus.com>

来源: XF
名称: applettrap-zero-bypass-restrictions(6819)
链接:http://xforce.iss.net/static/6819.php

来源: XF
名称: applettrap-bypass-ip-restrictions(6818)
链接:http://xforce.iss.net/static/6818.php

来源: XF
名称: applettrap-unicode-bypass-filter(6817)
链接:http://xforce.iss.net/static/6817.php

来源: XF
名称: content-slash-bypass-filter(6816)
链接:http://xforce.iss.net/static/6816.php

来源: BUGTRAQ
名称: 20010709 Various problems in Ternd Micro AppletTrap URL filtering
链接:http://archives.neohapsis.com/archives/bugtraq/2001-07/0129.html

来源: BID
名称: 3000
链接:http://www.securityfocus.com/bid/3000

来源: BID
名称: 2998
链接:http://www.securityfocus.com/bid/2998

来源: BID
名称: 2996
链接:http://www.securityfocus.com/bid/2996