VYPR
Unrated severity · NVD Advisory · Published Dec 31, 2004 · Updated Apr 16, 2026

CVE-2004-1907

Description

A hex-encoded URL containing "%13%12%13" crashes the Kerio Personal Firewall 4.0.13 via its Web Filtering functionality.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A hex-encoded URL containing "%13%12%13" crashes the Kerio Personal Firewall 4.0.13 via its Web Filtering functionality.

Vulnerability

Kerio Personal Firewall (KPF) version 4.0.13, running on Windows, contains a denial of service vulnerability in its Web Filtering component. When the web filter processes a URL that includes the hex-encoded sequence %13%12%13, the firewall GUI crashes immediately, and repeated requests can crash the entire application [1], [2]. The same issue may affect version 4.0.14 as well, since no fix is mentioned in the release history [2].

Exploitation

An attacker can exploit this vulnerability remotely by crafting a URL that contains %13%12%13 and inducing a victim to visit it. The attack can be launched via URL redirection or by embedding an IFRAME in a web page, without requiring any user interaction beyond rendering the page [2]. No authentication is needed.

Impact

Successful exploitation causes a denial of service: the Kerio Personal Firewall GUI crashes, and with repeated triggers the firewall itself becomes completely unresponsive [2]. This leaves the protected system without firewall protection, exposing it to network threats.

Mitigation

Kerio had not released a fix for version 4.0.13 as of the publication date of the reference [2]. The recommended workaround is to disable the Web Filtering feature until an update is provided [2]. No fixed version is known from the available references.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0

No patches discovered yet.

Vulnerability mechanics

Root cause

"The Web Filtering component fails to handle the hex-encoded URL characters '%13%12%13', causing a crash when it attempts to process them."

Attack vector

An attacker sends a URL containing the hex-encoded characters "%13%12%13" to a victim running KPF 4.0.13 with Web Filtering enabled [ref_id=1]. The Web Filtering tool, which intercepts and processes URLs to block ads and malicious content, cannot handle these specific byte values and causes the Kerio GUI to crash immediately [ref_id=1]. The attack can be delivered remotely via URL redirection or an IFRAME embedded in a web page, without requiring user interaction [ref_id=1]. Repeatedly sending such URLs causes the firewall to crash completely, resulting in a denial of service [ref_id=1].

Affected code

The Web Filtering component in Kerio Personal Firewall (KPF) 4.0.13 crashes when processing URLs containing the hex-encoded sequence "%13%12%13" [ref_id=1]. The advisory does not specify the exact function or file path responsible for parsing these characters.

What the fix does

No patch is provided in the bundle. The advisory recommends disabling Web Filtering until an update is released [ref_id=1]. The vendor's release history at the time did not mention a fix for this issue [ref_id=1]. A proper fix would involve sanitizing or rejecting malformed hex-encoded URL sequences before passing them to the Web Filtering parser.
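The hardening the paragraph above describes (reject malformed or control-character percent escapes before the filter ever sees them) can be made concrete. The following is an added illustration for this CVE, not Kerio's code and not from the advisory; the helper names (percent_decode_strict, find_suspicious_requests) and the sample proxy log lines are assumptions constructed for this example.

```python
"""
Strict percent-decoding of URLs ahead of a filtering stage, plus a small
log scan that flags requests carrying encoded control bytes such as %13%12%13.
Added example for CVE-2004-1907; helper names and sample data are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Decoded bytes that have no place in a URL path or query: ASCII C0 controls
# (0x00-0x1F) and DEL (0x7F). %12 and %13 both fall inside this range.
CONTROL_BYTES = frozenset(range(0x00, 0x20)) | {0x7F}

# A well-formed escape is '%' followed by exactly two hex digits.
_ESCAPE = re.compile(rb"%([0-9A-Fa-f]{2})")


@dataclass
class DecodeResult:
    ok: bool
    decoded: Optional[str]   # decoded URL when ok, else None
    reason: Optional[str]    # why it was rejected when not ok


def percent_decode_strict(url: str) -> DecodeResult:
    """Percent-decode `url`, refusing malformed escapes and control bytes.

    Rejections are returned, not raised, so a caller can log and drop the
    request without the decoder itself becoming the component that fails.
    """
    raw = url.encode("utf-8", errors="surrogateescape")
    out = bytearray()
    pos = 0
    while pos < len(raw):
        ch = raw[pos]
        if ch == 0x25:  # '%'
            m = _ESCAPE.match(raw, pos)
            if m is None:
                return DecodeResult(False, None, f"malformed escape at offset {pos}")
            byte = int(m.group(1), 16)
            if byte in CONTROL_BYTES:
                return DecodeResult(
                    False, None, f"control byte 0x{byte:02X} encoded at offset {pos}"
                )
            out.append(byte)
            pos = m.end()
        elif ch in CONTROL_BYTES:
            # A raw (unencoded) control byte is just as unwelcome.
            return DecodeResult(False, None, f"raw control byte 0x{ch:02X} at offset {pos}")
        else:
            out.append(ch)
            pos += 1
    return DecodeResult(True, out.decode("utf-8", errors="replace"), None)


# Constructed sample proxy log lines (assumption; not taken from the advisory).
SAMPLE_LOG = """\
2004-03-01 10:00:01 10.0.0.5 GET http://example.test/index.php?p=home 200
2004-03-01 10:00:02 10.0.0.5 GET http://example.test/index.php?p=%13%12%13front 200
2004-03-01 10:00:03 10.0.0.9 GET http://example.test/a%20b.html 200
2004-03-01 10:00:04 10.0.0.9 GET http://example.test/x%ZZ.html 404
"""

_URL_FIELD = re.compile(r"\s(https?://\S+)")


def find_suspicious_requests(log_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, reason) for each log line whose URL fails strict decoding."""
    hits: List[Tuple[int, str]] = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = _URL_FIELD.search(line)
        if not m:
            continue
        result = percent_decode_strict(m.group(1))
        if not result.ok:
            hits.append((n, result.reason or "rejected"))
    return hits


if __name__ == "__main__":
    for lineno, why in find_suspicious_requests(SAMPLE_LOG):
        print(f"line {lineno}: {why}")
```

The decoder is the gate: anything that is not a clean, printable decoding is turned away with a reason string rather than passed on to the filter, which is the behaviour the missing fix would need. The log scan reuses the same function so detection and prevention cannot drift apart.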

Preconditions

  • config: Kerio Personal Firewall 4.0.13 must be running with Web Filtering enabled
  • network: Attacker must be able to deliver a URL containing '%13%12%13' to the victim (e.g., via a web page, IFRAME, or URL redirection)
  • input: No user interaction required beyond visiting a malicious page or following a crafted link

Reproduction

1. Ensure Kerio Personal Firewall 4.0.13 is running with Web Filtering enabled.
2. Craft a URL containing the hex-encoded sequence "%13%12%13", for example: `http://www.cipher.org.uk/index.php?p=%13%12%13cipher/front.cipher` [ref_id=1].
3. Deliver the URL to the victim via a browser redirect, IFRAME, or direct navigation.
4. Observe that the Kerio GUI crashes immediately; repeated delivery causes the firewall to crash completely [ref_id=1].

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 6

News mentions: 0

No linked articles in our index yet.