Cisco PIX, ASA and FWSM products contain a flaw that may allow a malicious user to bypass Internet content filtering. The issue is triggered when a fragmented HTTP request is sent by the attacker, and the request is not forwarded to a Websense server for evaluation. It is possible that the flaw may allow circumvention of an access control resulting in a loss of integrity.

Upgrade to PIX version 7.0(5), 7.1(2), 6.3.5(112) or higher, ASA version 7.0(5) or higher, FWSM version 2.3(4), 3.1(1.7) or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

PIX version 6.3.5(112) and FWSM version 3.1(1.7) are available only through the Cisco Technical Assistance Center, in reference to this security advisory.

• Security Tracker: 1016039
• Bugtraq ID: 17883
• Secunia Advisory ID: 20044
• CVE ID: 2006-0515 (see also: NVD)
• SCIP VulDB ID: 2206
• VUPEN Advisory: ADV-2006-1738
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0215.html
• Vendor Specific Advisory URL: http://www.cisco.com/warp/public/707/cisco-sr-20060508-pix.shtml
• Other Advisory URL: http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt

• George D. Gal - ggalvsecurity.com - Virtual Security Research, LLC.