|
|
|
|
| |
| The 8e6 Professional Edition offers "high-performance, enterprise-level filtering with the R3000 Internet Filter. An appliance optimized for speed and scalability, the R3000 provides 90+ categories and millions of Web sites in the 8e6 Database. Deployed in pass-by or transparent mode, the R3000 sits outside the flow of network traffic to "watch" rather than "stop and check", delivering unmatched network compatibility and performance". A vulnerability in the way 8e6 Technologies R300 filtering HTTP requests can be bypassed by sending it a malformed Host field, this would allow an attacker to bypass the restrictions imposed by the 8e6 solution. |
| |
Credit:
The information has been provided by nnposter.
|
| |
Vulnerable Systems:
* 8e6 Technologies R3000 version 2.0.12.10
The HTTP URL filtering function provided by the 8e6 Technologies R3000 Internet Filter contains a vulnerability in that it can mistake a properly formed custom header for the Host header. This can be exploited for bypassing the filter by providing an allowed site in the custom header.
Examples:
GET / HTTP/1.0
X-DecoyHost: www.allowed.org
Host: www.blocked.org
GET / HTTP/1.0
X-Decoy: Host: www.allowed.org
Host: www.blocked.org
This weakness cannot be leveraged for circumventing blocks based on IP addresses (as opposed to DNS names).
The vulnerability has been identified in version 2.0.12.10. However, other versions may be also affected.
|
|
|
|
|
|
|
