Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: eDvice Security Services (supportedvicesecurity.com)
Date: Sun Jul 29 2001 - 04:13:01 CDT
Sunday 29 July 2001
Various problems in Ternd Micro AppletTrap Script filtering
This is a different advisory than the one we posted on July 9
Trend Micro Applet Trap is a product for blocking malicious Java applets,
product includes an option for URL filtering.
eDvice recently conducted a test of AppletTrap's ability to filter Scripts
at the gateway. AppletTrap includes the ability to filter script languages
AppletTrap includes some design and implementation flaws, which allow an
attacker to bypass restrictions set by the product administrator and
introduce malicious code into an organization.
We found two problems with AppletTrap's Script filtering mechanism:
AppletTrap will not filter scripts that should have been filtered by policy
as long as these scripts appear after a script that is allowed by policy.
For example, if the policy is set to filter only VBScript and not
2) AppletTrap does not recognize and does not filter scripting tags
constructed using extended Unicode notation. This is the same problem we
reported in http://archives.neohapsis.com/archives/bugtraq/2001-05/0285.html
(see also http://www.securityfocus.com/bid/2801) for a different product.
Status and solution
Trend Micro has confirmed these vulnerabilities and will address them in
Discovered by eDvice on 11 July 2001.