CVE-2006-0515 Information

Description

Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5) PIX 6.3.x before 6.3.5(112) and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7) when used with Websense/N2H2 allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets which prevents the request from being sent to Websense for inspection aka bugs CSCsc67612 CSCsc68472 and CSCsd81734.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045899.html http://secunia.com/advisories/20044 http://securitytracker.com/id?1016039 http://securitytracker.com/id?1016040 http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/tsd_products_security_response09186a00806824ec.html http://www.osvdb.org/25453 http://www.securityfocus.com/archive/1/433270/100/0/threaded http://www.securityfocus.com/bid/17883 http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt http://www.vupen.com/english/advisories/2006/1738 https://exchange.xforce.ibmcloud.com/vulnerabilities/26308