VULHUB ™

The Microsoft IIS web server supports a non-standard method of encoding web requests. Because this method is non-standard, intrusion detection systems may not detect attacks encoded using this method. This vulnerability only affects intrusion detection systems in environments where '%u' unicode encoding is supported by a webserver (ie, IIS). If there is no webserver support for this encoding method or if it is disabled, there will be no targets to which encoded attacks can be sent. **NOTE**: Only RealSecure, Dragon and Snort are confirmed vulnerable. It is highly likely that IDS systems from other vendors are vulnerable as well, however we have not recieved confirmation. This record will be updated as more information becomes available regarding affected technologies. BlackICE products detect '%u' encoded requests as being invalid, but do not decode them and detect encoded attack signatures.

The Microsoft IIS web server supports a non-standard method of encoding web requests. Because this method is non-standard, intrusion detection systems may not detect attacks encoded using this method. This vulnerability only affects intrusion detection systems in environments where '%u' unicode encoding is supported by a webserver (ie, IIS). If there is no webserver support for this encoding method or if it is disabled, there will be no targets to which encoded attacks can be sent. **NOTE**: Only RealSecure, Dragon and Snort are confirmed vulnerable. It is highly likely that IDS systems from other vendors are vulnerable as well, however we have not recieved confirmation. This record will be updated as more information becomes available regarding affected technologies. BlackICE products detect '%u' encoded requests as being invalid, but do not decode them and detect encoded attack signatures.