{"vuid":"VU#139315","idnumber":"139315","name":"SurfControl SuperScout does not filter web requests fragmented in multiple packets","keywords":["SurfControl","SuperScout","HTTP GET","Host:","split packets","proxy server","bypass filtering","internet monitoring","employee monitoring"],"overview":"SurfControl SuperScout Web Filter does not block some HTTP requests that have been fragmented into multiple packets.","clean_desc":"SurfControl SuperScout Web Filter is software intended for companies that wish to limit employees' web surfing to appropriate uses. SuperScout anazlyzes individual packets that contain an HTTP GET request and a \"Host:\" header to determine whether an HTTP request to an inappropriate Web site is being made. SuperScout does not keep state of previous packets. Therefore, it will not block HTTP GET requests if the \"Host:\" header appears in a separate packet.","impact":"Users can bypass SuperScout filtering and access blocked Web content.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"None.","sysaffected":"","thanks":"Thanks to Security Tracker for publishing an article on this issue.","author":"This document was written by Shawn Van Ittersum.","public":["h","t","t","p",":","/","/","w","w","w",".","s","e","c","u","r","i","t","y","t","r","a","c","k","e","r",".","c","o","m","/","a","l","e","r","t","s","/","2","0","0","1","/","J","u","n","/","1","0","0","1","8","0","1",".","h","t","m","l"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-08-30T19:48:30Z","publicdate":"2001-06-21T00:00:00Z","datefirstpublished":"2002-08-09T00:27:16Z","dateupdated":"2002-08-09T00:30:22Z","revision":21,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"3","cam_impact":"2","cam_easeofexploitation":"14","cam_attackeraccessrequired":"10","cam_scorecurrent":"0.29925","cam_scorecurrentwidelyknown":"0.378","cam_scorecurrentwidelyknownexploited":"0.693","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.29925,"vulnote":null}