Escaped NULL char in URL


Description   The Unicode-encoded NULL character %00 has been detected in a URL.
     
Details   Fundamentally, computers only understand numbers. They encode letters and other characters in the form of numbers. Unicode specifies a unique number for each character, whatever the platform, software or language.

Using Unicode in website applications lets them serve several platforms, languages and countries at the same time without modification. Unicode also allows different software programs to exchange characters without loss of data.

The Unicode standard defines three encoding forms, which represent the same data in different formats (8 bits, 16 bits, 32 bits). For example, the UTF-8 format (Unicode Transformation Format, 8 bits) is very well known for its use in HTML and related protocols.

Unicode encoding is written as %xx, where each x is a hexadecimal digit (one of 0123456789ABCDEF).

If this alarm is configured as pass and a packet that triggers the alarm is received, the corresponding plugin will detach from the connection and no further protocol analysis will be performed.
     
Triggering conditions   The Unicode-encoded NULL character %00 has been detected in a URL.
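
The same condition can be checked after the fact in web server logs. The following is an added example, not vendor code and not a description of how ASQ implements the alarm: it scans constructed Common Log Format lines for a %xx escape whose value is 0 and reports whether it sits in the path or in a named query parameter. The function names and sample lines are assumptions made for the illustration.

```python
import re

# Constructed sample lines in Common Log Format (not taken from the page).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?lang=en&page=news%00 HTTP/1.1" 200 87
192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /files/report%20final.pdf HTTP/1.1" 200 9001
192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /img%00/logo.png HTTP/1.1" 404 0
"""

# client, request target and status code of one log line
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) \S+" (\d{3})')
# %xx escape: a percent sign followed by exactly two hexadecimal digits
ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")


def has_nul(text):
    """True if any %xx escape in the still-encoded text has the value 0."""
    return any(int(m.group(1), 16) == 0 for m in ESCAPE.finditer(text))


def nul_locations(target):
    """List where %00 occurs: "path" and/or "query:<parameter name>"."""
    path, _, query = target.partition("?")
    found = ["path"] if has_nul(path) else []
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if has_nul(name) or has_nul(value):
            found.append("query:" + name)
    return found


def scan(log_text):
    """Return (client, status, locations) for each line carrying %00."""
    hits = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # not a request line this parser understands
        client, target, status = m.groups()
        locations = nul_locations(target)
        if locations:
            hits.append((client, status, locations))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit answered with status 200 means the request reached the application, so the named parameter is the place to start reviewing.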
     
Available since   ASQ v3.2.0
     
Protects   Piwik Multiple Vulnerabilities Fixed by 2.15.0
TCPDF Library Arbitrary File Deletion Vulnerability
mooSocial Cross-Site Scripting and SQL Injection Vulnerabilities
Baby Gekko Multiple Cross-Site Scripting Vulnerabilities
AB Banner Exchange "page" Local File Inclusion Vulnerability
Total Shop UK eCommerce URL Cross-Site Scripting Vulnerability
InterPhoto Gallery Cross-Site Scripting and Local File Inclusion Vulnerabilities
WordPress kk Star Ratings Plugin "root" File Inclusion Vulnerability
WebCalendar "pref_THEME" File Inclusion Vulnerability
Mega File Manager File Disclosure and Local File Inclusion Vulnerabilities
CitrusDB "load" File Inclusion Vulnerabilities
Newscoop Multiple Vulnerabilities
OpenCart Two Vulnerabilities
eGroupware Products Multiple Vulnerabilities
bitweaver Cross-Site Scripting and File Inclusion Vulnerabilities
Public Knowledge Project Open Journal Systems Multiple Vulnerabilities
phpPaleo Local File Inclusion Vulnerability
Open-Realty "select_users_lang" and "select_users_template" Local File Inclusion
phpDenora Multiple File Disclosure and SQL Injection Vulnerabilities
11in1 Cross-Site Request Forgery and File Inclusion Vulnerabilities
Snort Report "dbtype" Local File Inclusion Vulnerability
OpenEMR File Inclusion and Command Injection Vulnerabilities
ImpressCMS Multiple Vulnerabilities
Koha "Referer" HTTP Header and "KohaOpacLanguage" Local File Inclusion Vulnerabilities
ZENworks Asset Management rtrlet Component Arbitrary File Upload Vulnerability
OrangeHRM "path" File Inclusion Vulnerability
Koha "KohaOpacLanguage" Local File Inclusion Vulnerability
Joomla Canteen Component Multiple Vulnerabilities
Joomla JE Job Component Multiple Vulnerabilities
Joomla JE Story Submit Component "view" File Inclusion Vulnerability
Joomla! obSuggest Component "controller" Local File Inclusion Vulnerability
CMS Made Simple Multiple Vulnerabilities
vtiger CRM Multiple Local File Inclusion Vulnerabilities
Dolibarr ERP/CRM Multiple Vulnerabilities
Joomla! Simple Page Options Module "spo_site_lang" Local File Inclusion Vulnerability
Joomla! YJ Contact Us Component "view" Local File Inclusion Vulnerability
Alsbtain Bulletin "act" Local File Inclusion Vulnerability
FestOS Multiple Vulnerabilities
MODx Cross-Site Scripting and Local File Inclusion Vulnerabilities
WeBid Two Vulnerabilities
WHMCompleteSolution "templatefile" Local File Inclusion Vulnerability
OpenEMR Multiple Vulnerabilities
PunBB Reputation Plugin SQL Injection and Local File Inclusion
WordPress teachPress Plugin "root" Two Local File Inclusion Vulnerabilities
POSH Cross-Site Scripting and File Inclusion Vulnerabilities
VLC Media Player "httpd_ClientRecv()" Denial of Service Vulnerability
vtiger CRM Multiple Vulnerabilities
Magtrb MyNews Multiple Vulnerabilities
IdeaCart "page" Local File Inclusion Vulnerability
iManager Multiple Vulnerabilities
OpenCart Cache Arbitrary File Overwrite Vulnerability
MantisBT Multiple Vulnerabilities
phpMyAdmin Code Injection and Information Disclosure Vulnerabilities
Oracle Fusion Middleware Multiple Code Execution and Security Bypass
Oracle Enterprise Manager Suite Remote File Upload and SQL Injection
     
Last 100 CVE   CVE-2015-7816
CVE-2015-7815
CVE-2012-5700
CVE-2012-4867
CVE-2012-4236
CVE-2012-1935
CVE-2012-1934
CVE-2012-1933
CVE-2012-1496
CVE-2012-1469
CVE-2012-1468
CVE-2012-1467
CVE-2012-0997
CVE-2012-0996
CVE-2012-0992
CVE-2012-0991
CVE-2011-4814
CVE-2011-4810
CVE-2011-4804
CVE-2011-4802
CVE-2011-4715
CVE-2011-4679
CVE-2011-4670
CVE-2011-4329
CVE-2011-3578
CVE-2011-3358
CVE-2011-3357
CVE-2011-3356
CVE-2011-2653
CVE-2011-2508
CVE-2011-2507
CVE-2011-2506
CVE-2011-2505
CVE-2010-5086
CVE-2010-5028
CVE-2010-5022
CVE-2010-4977
CVE-2010-4893
CVE-2010-4883
CVE-2010-4873
CVE-2010-4455
CVE-2010-4453
CVE-2010-4437
CVE-2010-4427
CVE-2010-4425
CVE-2010-4417
CVE-2010-4416
CVE-2010-3884
CVE-2010-3883
CVE-2010-3882
CVE-2010-3600
CVE-2010-3599
CVE-2010-3598
CVE-2010-3597
CVE-2010-3595
CVE-2010-3594
CVE-2010-3592
CVE-2010-3591
CVE-2010-3588
CVE-2010-3574
CVE-2010-3510
CVE-2010-2797
CVE-2009-5089
CVE-2009-5088
CVE-2009-2787
CVE-2009-2786
CVE-2009-2263


 
 
 
 
Action   Block
     
Alarm level   Major