Evasion attempt using twice-encoded ' character


Description   Special characters in URL might be encoded using the %xx encoding. Some attacks use a double encoding to evade signature protection.
This alarm might also be raised in case an URL is passed as a parameter twice, and encoded each time. This alarm is being raised by a phpbb worm which exploit the highlight parameter vulnerability.
     
Default
configuration 		 
Profiles High Medium Low Internet
Action Block Pass Pass Pass
Alarm Level Minor Minor Ignore Ignore
     
References   CVE: CVE-2001-0333
Secunia: 13239
     
Available since   ASQ v3.2.0
     
Protects   Datalife Engine "dle_config_api" Parameter File Inclusion Vulnerability
100 last CVE   CVE-2009-3055


 
 
 
 
 Risk level 
Low