The Cisco PIX firewall has an annoying vulnerability: a bypass condition that can allow a malicious user to get around site access restrictions.
The vulnerability is caused by an error in the handling of fragmented HTTP requests. This can be exploited to bypass Websense URL filtering and gain access to restricted websites via HTTP GET requests that are fragmented into multiple packets.
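A simplified model of why a filter that judges each packet in isolation misses a request spread over several packets, and how buffering until the request head is complete closes the gap. This is an added example, not code from Cisco, Websense or the original post; the filter logic, the function names and the host `blocked.example` are assumptions made for illustration.

```python
# Simplified model (an assumption, not vendor code): a URL filter judging each
# TCP segment alone versus one that buffers until the HTTP head is complete.
BLOCKED_HOSTS = {"blocked.example"}  # constructed policy entry
# Constructed sample input: the same request in one segment and in two.
WHOLE = [b"GET /index.html HTTP/1.1\r\nHost: blocked.example\r\n\r\n"]
SPLIT = [b"GET /index.html HTTP/1.1\r\nHo", b"st: blocked.example\r\n\r\n"]

def parse_request_head(data: bytes):
    """Return (method, path, host) once the full head is present, else None."""
    end = data.find(b"\r\n\r\n")
    if end == -1:
        return None  # head still incomplete
    lines = data[:end].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().lower()
    return parts[0], parts[1], host

def per_segment_verdicts(segments):
    """Flawed model: each segment is judged alone; unparseable ones pass."""
    verdicts = []
    for seg in segments:
        try:
            head = parse_request_head(seg)
        except ValueError:
            head = None
        blocked = head is not None and head[2] in BLOCKED_HOSTS
        verdicts.append("block" if blocked else "forward")
    return verdicts

def reassembling_verdict(segments, max_head=8192):
    """Hardened model: hold segments until the head is complete, fail closed."""
    buf = b""
    for seg in segments:
        buf += seg
        if len(buf) > max_head:
            return "block"  # oversized head: refuse rather than guess
        try:
            head = parse_request_head(buf)
        except ValueError:
            return "block"
        if head is not None:
            return "block" if head[2] in BLOCKED_HOSTS else "forward"
    return "block"  # head never completed: nothing is released
```

The per-segment model blocks `WHOLE` but forwards both pieces of `SPLIT`, while the reassembling model returns a single verdict for the complete request and releases nothing until it has one.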
While this is rated “Less critical” by Secunia, it can be worse than you might imagine. Web surfing restrictions put in place by companies using products such as Websense are there for a good reason (well, most times). Here’s a scenario. Imagine, if you will, a user who has disabled their antivirus and bypassed the URL filtering. If they have taken the time to bypass filtering in the first place, disabling antivirus is not exactly a stretch. A user with any sort of elevated privilege can stop the Symantec service, for example. OK, now they have surfed to a hacker site or something that is less than upstanding. This can present a serious breach that could introduce malware into the enterprise. “But what about gateway antivirus?” you might ask. Well, it won’t do a lick of good with SSL-encrypted traffic. By this point, it could be too late.