2106053 : UTF8 found in the HTTP data
Unicode assigns a unique number to every character used in the writing systems of most world languages. One of its encoding forms is UTF-8 (Universal Character Set or Unicode Transformation Format in 8-bit encoding). It is a means of encoding all Unicode characters as multibyte character sequences so that Unicode characters can be packaged in byte streams. In a string that is encoded as UTF-8, ASCII characters are represented by their normal values, while other Unicode characters are represented by 2-, 3-, or 4-byte sequences. Microsoft IIS (Internet Information Server) only supports 1-, 2- and 3-byte sequences. Bytes with values of 0xc2 or higher indicate the start of a UTF-8 encoded sequence. For example, the escape sequence %c2%ae in a URL is the 2-byte UTF-8 encoded form of "®", and %20 is the escaped form of a blank character. Some illegally encoded forms could also be used in a URL for obfuscation.
Products that have this security check
- BlackICE
- BlackICE Agent for Server
- BlackICE PC Protection
- BlackICE Server Protection
- Proventia Desktop
- Proventia Network IDS
- Proventia Network IPS
- Proventia Network MFS
- Proventia Server IPS for Linux technology
- Proventia Server IPS for Microsoft Windows technology
- RealSecure Desktop
- RealSecure Desktop Protector
- RealSecure Desktop Protector 3.6
- RealSecure Guard
- RealSecure Network
- RealSecure Sentry
- RealSecure Server Sensor
HTTP_IIS_UTF8_Evasion
This signature detects invalid hex sequences (such as "%c0%af") in submitted URLs. Such URLs may indicate an attacker's attempt to bypass an intrusion detection system.
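The check this signature describes can be illustrated with the following added example, which is not ISS code: it resolves %XX escapes once and reports byte sequences that are not well-formed UTF-8, such as the overlong form %c0%af. The function names and the sample URLs are constructed for illustration.

```python
import re

_ESCAPE = re.compile(rb"%([0-9A-Fa-f]{2})")
# Smallest code point that legitimately needs a sequence of each length.
_MIN_CP = {2: 0x80, 3: 0x800, 4: 0x10000}

def percent_decode(url: str) -> bytes:
    """Resolve %XX escapes once; all other characters pass through as bytes."""
    raw = url.encode("utf-8")
    return _ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def find_illegal_utf8(url: str) -> list:
    """Return (byte_offset, reason) for each ill-formed sequence in the decoded URL."""
    data, findings, i = percent_decode(url), [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:                      # plain ASCII, represented by its normal value
            i += 1
            continue
        if b < 0xC0 or b >= 0xF8:         # stray continuation byte or impossible lead byte
            findings.append((i, "unexpected byte 0x%02x" % b))
            i += 1
            continue
        n = 2 if b < 0xE0 else 3 if b < 0xF0 else 4
        cp = b & (0xFF >> (n + 1))        # payload bits carried by the lead byte
        tail = data[i + 1:i + n]
        if len(tail) != n - 1 or any((t & 0xC0) != 0x80 for t in tail):
            findings.append((i, "truncated %d-byte sequence" % n))
            i += 1
            continue
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        if cp < _MIN_CP[n]:               # e.g. C0 AF decodes to U+002F, which fits in 1 byte
            findings.append((i, "overlong %d-byte encoding of U+%04X" % (n, cp)))
        elif 0xD800 <= cp <= 0xDFFF or cp > 0x10FFFF:
            findings.append((i, "code point U+%04X not allowed in UTF-8" % cp))
        i += n
    return findings

# Constructed sample URLs (not taken from real traffic).
SAMPLES = ["/logo%c2%ae%20page.html", "/docs%c0%afindex.html", "/a%e0%80%afb"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, find_illegal_utf8(u))
```

The well-formed %c2%ae in the first sample produces no finding; the other two are reported as overlong encodings of U+002F.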
Affected platforms
- Microsoft IIS 4.0
- Microsoft IIS 5.0
- Microsoft Windows 2000
- Microsoft Windows NT 4.0
How to remove this vulnerability
Fixed with Microsoft's cumulative patches since August 15, 2001. See the Microsoft Corporation Downloads Web site in References for details.
Information about this document
The information contained in this document may change without notice, and may have been altered or changed if you have received it from a source other than Internet Security Systems. Use of this information constitutes acceptance for use in an "AS IS" condition, without warranties of any kind, and any use of this information is at the user's own risk. Internet Security Systems disclaims all warranties, either expressed or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Internet Security Systems be liable for any damages whatsoever, including direct, indirect, incidental, consequential or special damages, arising from the use or dissemination hereof, even if Internet Security Systems has been advised of the possibility of such damages.
Copyright © 1997 – 2009 IBM Internet Security Systems. All rights reserved.
This page was created on Thu Jun 11 09:06:51 2009
