Title: NetGap Escaped And Encoded URL Filtering Bypass Vulneribility
Severity: CRITICAL
Description:
NetGAP is an internet security appliance distributed by Spearhead Security. The device is designed to provide a physical buffer between private and public networks, while allowing logical access through content filtering and access control.
A problem with the device may make it possible for a remote user to gain access to restricted resources. This problem can be exploited from either side of the device.
Under normal operation, the NetGAP appliance verifies all requests based on access control and content filtering. Prior to being passed across the bus of the appliance, a typical request must pass the checking of both the access control list, and the authorized content list.
The problem occurs in the checking of URLs that have been encoded with escape characters. Upon receiving a request for a URL that has been encoded by using the escape character (%), the device passes along the request without filtering. The origin of the URL may be either side of the device, making it possible for internal users to gain access to restricted external resources. This problem may also make it possible for external users to gain access to resources protected by the device.
Affected Products:
- Spearhead Security NetGAP 0.0.0200
- Spearhead Security NetGAP 0.0.0300
References:
- SpearHead: NetGap product homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
