// For flags

CVE-2001-0669

Cisco Secure IDS 2.0/3.0 / Snort 1.x / ISS RealSecure 5/6 / NFR 5.0 - Encoded IIS Detection Evasion

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2001-08-27 CVE Reserved
  • 2001-09-05 First Exploit
  • 2001-10-12 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-08 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Catalyst 6000 Intrusion Detection System Module
Search vendor "Cisco" for product "Catalyst 6000 Intrusion Detection System Module"
*-
Affected
Cisco
Search vendor "Cisco"
Secure Intrusion Detection System
Search vendor "Cisco" for product "Secure Intrusion Detection System"
*-
Affected
Iss
Search vendor "Iss"
Realsecure Network Sensor
Search vendor "Iss" for product "Realsecure Network Sensor"
5.x
Search vendor "Iss" for product "Realsecure Network Sensor" and version "5.x"
-
Affected
Iss
Search vendor "Iss"
Realsecure Network Sensor
Search vendor "Iss" for product "Realsecure Network Sensor"
6.x
Search vendor "Iss" for product "Realsecure Network Sensor" and version "6.x"
-
Affected
Iss
Search vendor "Iss"
Realsecure Server Sensor
Search vendor "Iss" for product "Realsecure Server Sensor"
5.5
Search vendor "Iss" for product "Realsecure Server Sensor" and version "5.5"
-
Affected
Iss
Search vendor "Iss"
Realsecure Server Sensor
Search vendor "Iss" for product "Realsecure Server Sensor"
6.0
Search vendor "Iss" for product "Realsecure Server Sensor" and version "6.0"
-
Affected
Snort
Search vendor "Snort"
Snort
Search vendor "Snort" for product "Snort"
1.8.1
Search vendor "Snort" for product "Snort" and version "1.8.1"
-
Affected
Enterasys
Search vendor "Enterasys"
Dragon
Search vendor "Enterasys" for product "Dragon"
4.x
Search vendor "Enterasys" for product "Dragon" and version "4.x"
-
Affected