CVE-2001-0669

Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL.

Published: Oct 30, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-0669
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
iss / realsecure_server_sensor	5.5	5.5.x
iss / realsecure_network_sensor	6.x	6.x.x
iss / realsecure_server_sensor	6.0	6.0.x
cisco / catalyst_6000_intrusion_detection_system_module	-	-
snort / snort	1.8.1	1.8.1.x
iss / realsecure_network_sensor	5.x	5.x.x
cisco / secure_intrusion_detection_system	-	-
enterasys / dragon	4.x	4.x.x

Vulnerability Database

289,599

CVE-2001-0669