CVE-2006-0515

high

Description

Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26308

http://www.vupen.com/english/advisories/2006/1738

http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt

http://www.securityfocus.com/archive/1/433270/100/0/threaded

http://www.osvdb.org/25453

http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/tsd_products_security_response09186a00806824ec.html

http://securitytracker.com/id?1016040

http://securitytracker.com/id?1016039

http://secunia.com/advisories/20044

http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045899.html

Details

Source: Mitre, NVD

Published: 2006-05-09

Updated: 2024-07-02

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High