NETGEAR FM114P IP addresses can bypass URL filtering
| netgear-fm114p-ip-bypass (10061) |  Medium Risk |
Description:
NETGEAR FM114P could allow an attacker to bypass URL filtering and view restricted or malicious Web content. The NETGEAR FM114P firewall can be configured to block Web sites by keywords within URL addresses. An attacker could use the IP address instead of the hostname to bypass URL filtering and view unauthorized Web content.
Platforms Affected:
- NETGEAR, FM114P
Remedy:
No remedy available as of November 15, 2008.
Consequences:
Bypass Security
References:
- BugTraq Mailing List, Sat Sep 07 2002 - 02:08:39 CDT, NetGear FM114P URL filter bypassing vulnerability at http://archives.neohapsis.com/archives/bugtraq/2002-09/0063.html.
- NETGEAR Web site, NETGEAR Cable/DSL Prosafe 802.11b Wireless Firewall Wireless Product at http://www.netgear.com/product_view.asp?xrp=11&yrp=30&zrp=143.
- BID-5667: NetGear FM114P Prosafe URL Filter Bypassing Vulnerability
- BID-567: NT Exchange Server Encapsulated SMTP Address Vulnerability
- CVE-2002-1877: NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the the IP address instead of the hostnmame.
Reported:
Sep 07, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net