CVE-2007-2688

Summary

CVE	CVE-2007-2688
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-05-16 01:19:00 UTC
Updated	2026-04-23 00:35:47 UTC
Description	The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.

Risk And Classification

Primary CVSS: v2.0 7.8 from [email protected]

AV:N/AC:L/Au:N/C:N/I:N/A:C

Problem Types: NVD-CWE-Other | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Cisco	Ios	10.0	All	All	All
Operating System	Cisco	Ios	11.1cc	All	All	All
Operating System	Cisco	Ios	11.3	All	All	All
Operating System	Cisco	Ios	12.0	All	All	All
Operating System	Cisco	Ios	12.0s	All	All	All
Operating System	Cisco	Ios	12.0st	All	All	All
Operating System	Cisco	Ios	12.0t	All	All	All
Operating System	Cisco	Ios	12.1	All	All	All
Operating System	Cisco	Ios	12.1e	All	All	All
Operating System	Cisco	Ios	12.1t	All	All	All
Operating System	Cisco	Ios	12.2	All	All	All
Operating System	Cisco	Ios	12.2t	All	All	All
Application	Cisco	Ips Sensor Software	4.0	All	All	All
Application	Cisco	Ips Sensor Software	5.0\(1\)	All	All	All
Application	Cisco	Ips Sensor Software	5.0\(2\)	All	All	All
Application	Cisco	Ips Sensor Software	5.0\(6\)p1	All	All	All
Application	Cisco	Ips Sensor Software	5.1\(1a\)	All	All	All
Application	Cisco	Ips Sensor Software	5.1\(1b\)	All	All	All
Application	Cisco	Ips Sensor Software	5.1\(1c\)	All	All	All
Application	Cisco	Ips Sensor Software	5.1\(1d\)	All	All	All
Application	Cisco	Ips Sensor Software	5.1\(1e\)	All	All	All
Application	Cisco	Ips Sensor Software	5.1\(1\)	All	All	All
Application	Cisco	Ips Sensor Software	5.1\(p1\)	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com
Cisco Intrusion Prevention System Lets Remote Users Evade Detection With Certain Character Encodings - SecurityTracker	af854a3a-2127-422b-91ae-364da2661108	www.securitytracker.com
US-CERT Vulnerability Note VU#739224	af854a3a-2127-422b-91ae-364da2661108	www.kb.cert.org	US Government Resource
www.gamasec.net/english/gs07-01.html	af854a3a-2127-422b-91ae-364da2661108	www.gamasec.net
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
Cisco Products HTTP Unicode Encoding Detection Bypass - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Multiple Products Full/Half Width Unicode Detection Evasion Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
Cisco Security Response: HTTP Full-Width and Half-Width Unicode Encoding Evasion [Products & Services] - Cisco Systems	af854a3a-2127-422b-91ae-364da2661108	www.cisco.com
www.osvdb.org/35336	af854a3a-2127-422b-91ae-364da2661108	www.osvdb.org
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Cisco IOS Firewall/IPS Feature Set Lets Remote Users Evade Detection With Certain Character Encodings - SecurityTracker	af854a3a-2127-422b-91ae-364da2661108	www.securitytracker.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.