CVE DATABASE / CVE-2001-0669
CVE-2001-0669
CVSS 7.5 · HIGH
Summary
Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL.
CVSS 2.0 breakdown
| Base score | 7.5 (HIGH) |
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Confidentiality | PARTIAL |
| Integrity | PARTIAL |
| Availability | PARTIAL |
Affected products
Cisco catalyst 6000 intrusion detection system moduleCisco secure intrusion detection systemIss realsecure network sensorIss realsecure server sensorSnort snortEnterasys dragon
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://marc.info/?l=bugtraq&m=99972950200602&w=2
- http://www.cisco.com/warp/public/707/cisco-intrusion-detection-obfuscation-vuln-pub.shtml
- http://www.kb.cert.org/vuls/id/548515
- http://www.securityfocus.com/bid/3292
- http://xforce.iss.net/alerts/advise95.php
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.