Short Name |
HTTP:IIS:ENCODING:UNICODE |
---|---|
Severity |
Info |
Recommended |
No |
Category |
HTTP |
Keywords |
Unicode Encoding in URL |
Release Date |
2006/10/20 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signatures detects unicode encoding in URLs. Some IPS do not decode unicode in URLs. An attacker can attempt to evade the IPS by using such encoding. Juniper IDP and DI products are not vulnerable to this technique.
The Microsoft IIS web server supports a non-standard method of encoding web requests. Because this method is non-standard, intrusion detection systems may not detect attacks encoded using this method. This vulnerability only affects intrusion detection systems in environments where '%u' unicode encoding is supported by a webserver (ie, IIS). If there is no webserver support for this encoding method or if it is disabled, there will be no targets to which encoded attacks can be sent. **NOTE**: Only RealSecure, Dragon and Snort are confirmed vulnerable. It is highly likely that IDS systems from other vendors are vulnerable as well, however we have not recieved confirmation. This record will be updated as more information becomes available regarding affected technologies. BlackICE products detect '%u' encoded requests as being invalid, but do not decode them and detect encoded attack signatures.