Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: eDvice Security Services (supportedvicesecurity.com)
Date: Mon Jul 09 2001 - 11:34:34 CDT
Monday 9 July 2001
eDvice Security Services Advisory - Various problems in Trend Micro
AppletTrap URL filtering
Trend Micro AppletTrap is a product for blocking malicious Java applets,
product includes an option for URL filtering.
eDvice recently conducted a test of AppletTrap's ability to filter URLs at
the gateway. AppletTrap includes the ability to restrict access to selected
URLs. It does not include the option to restrict access to all URLs except
for selected URLs.
AppletTrap includes some design and implementation flaws, which allow an
attacker to easily bypass restrictions set by the product administrator.
This can be used by internal users to bypass AppletTrap's restrictions and
by authorized web servers to redirect the user to unauthorized web servers.
We found four problems with AppletTrap's URL filtering mechanism:
2) URL encoding: The same restriction could also be bypassed by typing:
3) Resolving IP addresses: The same restriction could be bypassed by typing
the IP address of source.com instead of the domain name (the opposite
scenario works as well. I.e. bypassing IP address restriction by using the
Trend Micro was notified on 28 June 2001. The problem was escalated to their
QA department on the same day. We haven't received any further information
from Trend Micro.
Do not rely on Trend Micro AppletTrap for URL filtering until Trend Micro
fixes the problems.
Discovered by eDvice on 28 June 2001.