Imperva Security Response for VU#739224

(HTTP content scanning systems full-width/half-width Unicode encoding bypass)

Revision History
Date: 5/15/2007
Comments: Initial Version

Status Summary:

Not Vulnerable


The U.S. Computer Emergency Response Team (US-CERT) has reported a Web attack evasion technique using full-width and half-width Unicode characters intended to evade inspection by IDS/IPS/WAF security products.

The full US-CERT advisory is posted at the following URL:

By default, SecureSphere HTTP protocol validation will detect attempts at using this evasion technique and either block or alert according to policy.

For those users requiring use of this encoding format, Imperva released a security update via the ADC security update service on May 10, 2007. This update is available to customers with current product maintenance for SecureSphere. Interested customers should contact Imperva support for assistance in implementing and configuring the update.
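The following is an added example, not Imperva code and not a description of how SecureSphere performs protocol validation. It shows one way an inspection layer can flag full-width/half-width characters in a request URI and, where that encoding must be allowed, compare signatures against the NFKC-normalized form instead. The function names, the handling of non-standard `%uXXXX` escapes and the sample URIs are assumptions constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import unquote

# Unicode block "Halfwidth and Fullwidth Forms" (U+FF00..U+FFEF)
FW_HW_FIRST, FW_HW_LAST = 0xFF00, 0xFFEF
# Non-standard %uXXXX escapes accepted by some web servers (assumption:
# the inspected server decodes them, so the inspector must as well)
_PCT_U = re.compile(r"%u([0-9a-fA-F]{4})")


def decode_uri(raw: str) -> str:
    """Decode %uXXXX escapes, then standard percent-encoded UTF-8."""
    step1 = _PCT_U.sub(lambda m: chr(int(m.group(1), 16)), raw)
    return unquote(step1, encoding="utf-8", errors="replace")


def inspect_uri(raw: str) -> dict:
    """Report full-width/half-width code points and the normalized URI.

    'suspicious' supports a block-or-alert policy; 'normalized' is the
    string that signatures should be matched against when the encoding
    has to be permitted.
    """
    decoded = decode_uri(raw)
    hits = [(i, f"U+{ord(c):04X}") for i, c in enumerate(decoded)
            if FW_HW_FIRST <= ord(c) <= FW_HW_LAST]
    # NFKC folds compatibility forms (e.g. U+FF41) to their ASCII equivalents
    normalized = unicodedata.normalize("NFKC", decoded)
    return {"decoded": decoded, "suspicious": bool(hits),
            "hits": hits, "normalized": normalized}


# Constructed sample URIs (not taken from the advisory)
SAMPLES = [
    "/index.html?q=hello",                            # plain ASCII
    "/%EF%BD%81%EF%BD%84%EF%BD%8D%EF%BD%89%EF%BD%8E/",  # full-width letters, UTF-8
    "/search?q=%uFF54est",                            # full-width letter, %u form
]

if __name__ == "__main__":
    for uri in SAMPLES:
        r = inspect_uri(uri)
        verdict = "ALERT" if r["suspicious"] else "ok"
        print(f"{verdict:5} {uri} -> {r['normalized']} {r['hits']}")
```

Half-width katakana and other legitimate East Asian text fall in the same block, which is why the normalized string is returned alongside the flag rather than rejection being the only outcome.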