CVE-2006-0515

high

Description

Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045899.html

http://secunia.com/advisories/20044

http://securitytracker.com/id?1016039

http://securitytracker.com/id?1016040

https://exchange.xforce.ibmcloud.com/vulnerabilities/26308

http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/tsd_products_security_response09186a00806824ec.html

http://www.vupen.com/english/advisories/2006/1738

Details

Source: Mitre, NVD

Published: 2006-05-09

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High