Bugtraq mailing list archives
Re: Novell BorderManager 3.0 EE - Encoded URL rule bypass
From: fberzau () NOVELL COM (Frank Berzau)
Date: Thu, 6 Jul 2000 16:37:35 +0200
Hi Kevin, We have reproduced this easily on BorderManager 3.5 as well, so we need to go and fix this asap. We'll be sending an udpate once a fix is available. It is already working correctly in Novell ICS. Regards, Frank Berzau Advanced Development Group Novell, Inc.
Kevin R Smith <Kevin.Smith () FIRSTDATACORP CO UK> 05.07.00 13.23 >>>
I suspect that this has already been defined, but I cannot find any reference to it. Setting secure areas on an intranet secured by URL rules within bordermanager can be bypassed by changing some of the characters in the URL with %-encoded triplets. To access http://home.myintranet.com/secure use http://home.myintranet.com/s%45cure It doesn't work for characters in the main domain name, nut sub-folders seem to work ok. I haven't seen any mention of this in any TIDs or service packs for BM, so I assume the fault carries over into version 3.5? Regards, Kevin R Smith
Current thread:
- Novell BorderManager 3.0 EE - Encoded URL rule bypass Kevin R Smith (Jul 05)
- Re: Novell BorderManager 3.0 EE - Encoded URL rule bypass Vitaly Fedrushkov (Jul 06)
- Re: Novell BorderManager 3.0 EE - Encoded URL rule bypass Knud Erik Højgaard (Jul 06)
- Re: Novell BorderManager 3.0 EE - Encoded URL rule bypass Henrik Nordstrom (Jul 10)
- Re: Novell BorderManager 3.0 EE - Encoded URL rule bypass Michael R. Rudel (Jul 12)
- The MDMA Crew's GateKeeper Exploit wizdumb () MDMA ZA NET (Jul 13)
- Big Brother filename extension vulnerability xternal (Jul 11)
- Re: Novell BorderManager 3.0 EE - Encoded URL rule bypass Henrik Nordstrom (Jul 10)
- Re: Novell BorderManager 3.0 EE - Encoded URL rule bypass Ted Behling (Jul 06)
- <Possible follow-ups>
- Re: Novell BorderManager 3.0 EE - Encoded URL rule bypass Frank Berzau (Jul 06)
- Novell BorderManager 3.0 EE - Encoded URL rule bypass Steve Banks (Jul 14)
- Re: Novell BorderManager 3.0 EE - Encoded URL rule bypass Coward, Anonymous (Jul 14)