Vulnerability Name:

CVE-2007-3701 (CCN-35336)

Assigned:2007-07-11
Published:2007-07-11
Updated:2018-10-15
Summary:TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: Full-Disclosure Mailing List, Tue Jul 10 2007 - 16:37:03 CDT
TippingPoint IPS Signature Evasion

Source: MITRE
Type: CNA
CVE-2007-3701

Source: FULLDISC
Type: UNKNOWN
20070710 TippingPoint IPS Signature Evasion

Source: OSVDB
Type: UNKNOWN
35970

Source: CCN
Type: SA26013
3Com TippingPoint IPS Extended Unicode Detection Bypass

Source: SECUNIA
Type: UNKNOWN
26013

Source: MISC
Type: Exploit, Patch, Vendor Advisory
http://security-assessment.com/files/advisories/2007-07-11_Tippingpoint_IPS_Signature_Evasion.pdf

Source: CCN
Type: SECTRACK ID: 1018361
TippingPoint Intrusion Prevention System Alternate Unicode Character Encodings Lets Remote Users Evade Detection

Source: CCN
Type: 3COM-07-003
TippingPoint IPS Extended Unicode Evasion

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.3com.com/securityalert/alerts/3COM-07-003.html

Source: CCN
Type: OSVDB ID: 35970
3Com TippingPoint IPS Hex Encoded Extended Unicode Detection Bypass

Source: BUGTRAQ
Type: UNKNOWN
20070710 TippingPoint IPS Signature Evasion

Source: BID
Type: Exploit
24855

Source: CCN
Type: BID-24855
TippingPoint IPS Unicode Character Detection Bypass Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018361

Source: VUPEN
Type: UNKNOWN
ADV-2007-2490

Source: XF
Type: UNKNOWN
tippingpoint-hex-security-byass(35336)

Source: XF
Type: UNKNOWN
tippingpoint-hex-security-byass(35336)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:tippingpoint:tipping_point:50:*:*:*:*:*:*:*
  • OR cpe:/a:tippingpoint:tipping_point:200:*:*:*:*:*:*:*
  • OR cpe:/a:tippingpoint:tipping_point:200e:*:*:*:*:*:*:*
  • OR cpe:/a:tippingpoint:tipping_point:400:*:*:*:*:*:*:*
  • OR cpe:/a:tippingpoint:tipping_point:600e:*:*:*:*:*:*:*
  • OR cpe:/a:tippingpoint:tipping_point:1200:*:*:*:*:*:*:*
  • OR cpe:/a:tippingpoint:tipping_point:1200e:*:*:*:*:*:*:*
  • OR cpe:/a:tippingpoint:tipping_point:2400e:*:*:*:*:*:*:*
  • OR cpe:/a:tippingpoint:tipping_point:5000e:*:*:*:*:*:*:*
  • OR cpe:/a:tippingpoint:tipping_point:sms:*:*:*:*:*:*:*
  • OR cpe:/a:tippingpoint:tipping_point:x505:*:*:*:*:*:*:*
  • OR cpe:/a:tippingpoint:tipping_point:x506:*:*:*:*:*:*:*
  • OR cpe:/a:tippingpoint:tipping_point:zpha:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.1.4.6324:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.2.1.6506:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.5:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.5.1:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:3com:tippingpoint_ips_tos:2.1:*:*:*:*:*:*:*
  • OR cpe:/h:3com:3crtpx505-73:-:*:*:*:*:*:*:*
  • OR cpe:/h:3com:3crx506-96:-:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.1.4.6324:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.2.1.6506:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.5:*:*:*:*:*:*:*
  • OR cpe:/o:3com:tippingpoint_ips_tos:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/h:3com:tippingpoint_200:*:*:*:*:*:*:*:*
  • OR cpe:/h:3com:tippingpoint_200e:*:*:*:*:*:*:*:*
  • OR cpe:/h:3com:tippingpoint_2400e:*:*:*:*:*:*:*:*
  • OR cpe:/h:3com:tippingpoint_50:*:*:*:*:*:*:*:*
  • OR cpe:/h:3com:tippingpoint_5000e:*:*:*:*:*:*:*:*
  • OR cpe:/h:3com:tippingpoint_600e:*:*:*:*:*:*:*:*
  • OR cpe:/a:3com:tippingpoint_sms_client:3.1.1.7943:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    tippingpoint tipping point 50
    tippingpoint tipping point 200
    tippingpoint tipping point 200e
    tippingpoint tipping point 400
    tippingpoint tipping point 600e
    tippingpoint tipping point 1200
    tippingpoint tipping point 1200e
    tippingpoint tipping point 2400e
    tippingpoint tipping point 5000e
    tippingpoint tipping point sms
    tippingpoint tipping point x505
    tippingpoint tipping point x506
    tippingpoint tipping point zpha
    3com tippingpoint ips tos 2.1
    3com tippingpoint ips tos 2.1.4.6324
    3com tippingpoint ips tos 2.2
    3com tippingpoint ips tos 2.2.1
    3com tippingpoint ips tos 2.2.1.6506
    3com tippingpoint ips tos 2.2.2
    3com tippingpoint ips tos 2.2.3
    3com tippingpoint ips tos 2.2.4
    3com tippingpoint ips tos 2.5
    3com tippingpoint ips tos 2.5.1
    3com tippingpoint ips tos 2.1
    3com 3crtpx505-73 -
    3com 3crx506-96 -
    3com tippingpoint ips tos 2.1.4.6324
    3com tippingpoint ips tos 2.2
    3com tippingpoint ips tos 2.2.1
    3com tippingpoint ips tos 2.2.1.6506
    3com tippingpoint ips tos 2.2.2
    3com tippingpoint ips tos 2.2.3
    3com tippingpoint ips tos 2.2.4
    3com tippingpoint ips tos 2.5
    3com tippingpoint ips tos 2.5.1
    3com tippingpoint 200 *
    3com tippingpoint 200e *
    3com tippingpoint 2400e *
    3com tippingpoint 50 *
    3com tippingpoint 5000e *
    3com tippingpoint 600e *
    3com tippingpoint sms client 3.1.1.7943