8E6 Technologies R3000 Host Header Internet Filter Security Bypass Vulnerability

Bugtraq ID:	30541
Class:	Design Error
CVE:	CVE-2008-3494
Remote:	Yes
Local:	No
Published:	Aug 05 2008 12:00AM
Updated:	May 07 2015 05:25PM
Credit:	nnposter
Vulnerable:	8E6 Technologies R3000 Internet Filter 2.0.12 .10 (firmware)
Not Vulnerable:	8E6 Technologies R3000 Internet Filter 2.1.5 (firmware)

8E6 Technologies R3000 Host Header Internet Filter Security Bypass Vulnerability

8e6 Technologies R3000 Internet Filter is prone to a vulnerability that allows attackers to bypass URI filters.

Attackers can exploit this issue by sending specially crafted HTTP request packets for an arbitrary website. Successful exploits allow attackers to view sites that the device is meant to block. This could aid in further attacks.

R3000 Internet Filter 2.0.12.10 is vulnerable; other versions may also be affected.

8E6 Technologies R3000 Host Header Internet Filter Security Bypass Vulnerability

Attackers may exploit this issue through a browser.

The following example requests are available:

GET / HTTP/1.0
X-DecoyHost: www.allowed.org
Host: www.blocked.org

GET / HTTP/1.0
X-Decoy: Host: www.allowed.org
Host: www.blocked.org

8E6 Technologies R3000 Host Header Internet Filter Security Bypass Vulnerability

Solution:
The vendor has addressed this issue in the forthcoming R3000 Internet Filter 2.1.05 (firmware). The patch is currently available for beta testing. Please contact the vendor for more information.

8E6 Technologies R3000 Host Header Internet Filter Security Bypass Vulnerability

References:

• 8e6 R3000 Homepage (8e6 Technologies)
  
• 8e6 Technologies R3000 Internet Filter Bypass with Host Decoy ([email protected])