Security concerns scanning full-width/half-width Unicode encoded traffic

Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic. This may allow malicious content to bypass HTTP content scanning systems. Novell products deemed at risk include iChain, Novell BorderManager and Novell Access Manager.

HTTP Content Scanning Systems have a pre-processor to decode various forms of HTTP encoded requests such as UTF encoding for attack signature analysis. Full-width and half-width is an encoding technique for Unicode characters. Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic.

Novell's existing iChain 2.3, BorderManager 3.9 and Access Manager products does not properly decode full-width Unicode (%uff) encoded HTTP requests for analysis, Lowercase/Uppercase conversion and character matching. By sending HTTP traffic to a vulnerable content scanning system, an attacker may be able to bypass the content scanning system.

Apply iChain 2.3 SP5 Interim Release 3 or greater (2.3.408) foriChain 2.3

For BorderManager 3.9, the fix will be in the 3.9 Support Pack 1 build of the product
For Access Manager 3, the fix will be in the Support Pack 1 build of the product.