Aladdin eSafe Gateway过滤绕过漏洞

Aladdin eSafe Gateway过滤绕过漏洞

漏洞ID 1106358 漏洞类型 未知
发布时间 2001-05-29 更新时间 2001-08-14
图片[1]-Aladdin eSafe Gateway过滤绕过漏洞-安全小百科CVE编号 CVE-2001-0521
图片[2]-Aladdin eSafe Gateway过滤绕过漏洞-安全小百科CNNVD-ID CNNVD-200108-055
漏洞平台 Multiple CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/20891
https://www.securityfocus.com/bid/88862
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200108-055
|漏洞详情
AladdineSafeGateway3.0版本及之前版本存在漏洞。远程攻击者可以借助HTML文档内SCRIPT标签的UNICODE编码绕过HTMLSCRIPT过滤。
|漏洞EXP
source: http://www.securityfocus.com/bid/2801/info

eSafe Gateway is a security utility used for filtering internet content.

An html file may be crafted to bypass the script-filtering feature offered by eSafe Gateway. This is done by simply encoding the <SCRIPT> tag in Unicode format, such that the filter ignores the call to execute the script. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/20891.zip
|受影响的产品
Aladdin Knowledge Systems Esafe Gateway 3.0
|参考资料

来源:XF
名称:esafe-gateway-bypass-filtering(6580)
链接:http://xforce.iss.net/static/6580.php
来源:BUGTRAQ
名称:20010529AladdineSafeGatewayScript-filteringBypassthroughUnicodeVulnerability
链接:http://archives.neohapsis.com/archives/bugtraq/2001-05/0285.html

相关推荐: Windows NT CVE-1999-0286 Remote Security Vulnerability

Windows NT CVE-1999-0286 Remote Security Vulnerability 漏洞ID 1209193 漏洞类型 Design Error 发布时间 1999-01-01 更新时间 1999-01-01 CVE编号 CVE-19…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享