Filter bypass with host decoy


This article applies to:

  • R3000

Question:

Filter bypass with host decoy

Reply

There has recently been an alert posted on the bugtraq Security Focus website regarding the R3000 Filter.

This alert was titled: "8e6 Technologies R3000 Internet Filter Bypass with Host Decoy ", and proceeds to give some additional details about a recently discovered vulnerability found in the R3000 Internet Filter .

We have investigated the issue, and as a result, we will be releasing an upcoming patch within the next week to address the issue.

Please note, this possible bypass technique requires the user to have the ability and knowledge to modify/create custom HTTP headers . This will require additional software outside of what is provided by the typical browser. If you have "locked-down" your workstations to prevent the installation of software/plug-ins, users will likely not be able to take advantage of this vulnerability.

Additionally, this bypass would only work with sites whose IP addresses are not in our R3000 library.

With these factors in mind, this risk posed by this vulnerability is minimal.

Again, we will be releasing an upcoming patch to address this issue within the week of Aug 18, 2008.  This knowledge base article will be updated to reflect this solution once it is available.


This article was previously published as:
8e6 KB 293698

Last Modified 8/18/2008.
https://support.trustwave.com/kb/KnowledgebaseArticle12550.aspx