https://www.exploit-db.com/exploits/23925
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-628

KerioPersonalFirewall是一款个人桌面系统防火墙。KerioPersonalFirewall的WEB过滤器对部分URL数据缺少正确处理，远程攻击者可以利用这个漏洞对防火墙进行拒绝服务攻击。Kerio个人防火墙使用web-filter接收URL并返回请求的内容到浏览器中。WEB过滤器阻挡广告，弹出窗口等。如果提交的URL包含非法数据(如类似%13%12%13)，程序在处理时会崩溃。

source: http://www.securityfocus.com/bid/10075/info

Kerio Personal Firewall includes Web URI Filtering functionality. A denial of service vulnerability has been reported to affect Kerio Personal Firewall when Web Filtering functionality is enabled. The issue presents itself when Web Filtering procedures handle a URI that contains certain characters.

http://www.example.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=^S^R^S

来源:XF
名称:kerio-pf-webfilter-dos(15821)
链接:http://xforce.iss.net/xforce/xfdb/15821
来源:BID
名称:10075
链接:http://www.securityfocus.com/bid/10075
来源:www.cipher.org.uk
链接:http://www.cipher.org.uk/index.php?p=advisories/HEX-Kerio_Personal_Firewall_Remote_DOS_7-04-2004.advisory
来源:SECUNIA
名称:11331
链接:http://secunia.com/advisories/11331
来源:BUGTRAQ
名称:20040407KerioPersonalFirewall4.0.13-RemoteDoS(Crash)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108137421524251&w;=2
来源:BUGTRAQ
名称:20040406KerioPersonalFirewall4andIE6″Bug”
链接:http://archives.neohapsis.com/archives/bugtraq/2004-04/0061.html
来源：NSFOCUS
名称：6293
链接：http://www.nsfocus.net/vulndb/6293