Firewall-1 Allows Script Rule Circumvention Reported January 30, 2000 by Arne Vidstrom
The "Strip Script Tags" in FW-1 can be circumvented by adding an extra less than sign (<) before the actual <SCRIPT> tag in the body of an HTML document. For example, the following code works to bypass Firewall-1 rules. <HTML> Checkpoint is aware of the issue however no response was known at the time of this writing.
Discovered by Arne Vidstrom |
0 comments
Hide comments