5 results (0.015 seconds)

CVSS: 7.5EPSS: 3%CPEs: 10EXPL: 0

Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets. Vulnerabilidad no especificada en TOS 2.1.x, 2.2.x versiones anteriores a 2.2.5, y 2.5.x versiones anteriores a 2.5.2 en TippingPoint IPS permite a atacantes remotos evitar detección al enviar determinados fragmentos de paquetes. • http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0210.html http://osvdb.org/35969 http://secunia.com/advisories/26017 http://www.3com.com/securityalert/alerts/3COM-07-002.html http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_3Com_TippingPoint_IPS_Detection_Bypass_2.pdf http://www.securityfocus.com/archive/1/473394/100/0/threaded http://www.securityfocus.com/bid/24861 http://www.securitytracker.com/id?1018386 http://www.vupen.com/english/advisories/2007/2489 htt • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 10%CPEs: 23EXPL: 3

TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack. TippingPoint IPS versiones anteriores a 20070710 no maneja apropiadamente el alternativo codificado en hexadecimal de un caracter '/' (barra), lo cual podría permitir a atacantes remotos enviar determinado tráfico de red y evitar la detección, como se demuestra con un ataque de cmd.exe. • https://www.exploit-db.com/exploits/30287 http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064550.html http://osvdb.org/35970 http://secunia.com/advisories/26013 http://security-assessment.com/files/advisories/2007-07-11_Tippingpoint_IPS_Signature_Evasion.pdf http://www.3com.com/securityalert/alerts/3COM-07-003.html http://www.securityfocus.com/archive/1/473311/100/0/threaded http://www.securityfocus.com/bid/24855 http://www.securitytracker.com/id?1018361 http:/&#x • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0

3Com TippingPoint IPS allows remote attackers to cause a denial of service (device hang) via a flood of packets on TCP port 80 with sequentially increasing source ports, related to a "badly written loop." NOTE: the vendor disputes this issue, stating that the product has "performed as expected with no DoS emerging. ** DISPUTADA ** 3Com TippingPoint IPS permite a atacantes remotos causar una denegación de servicio (cuelgue de dispositivo) a través de una inundación de paquetes en el puerto TCP 80 con un incremento secuencial de puertos origen, relacionado con un 'bucle mal escrito'. NOTA: el vendedor impugna este problema, basándose en que el producto ha 'funcionado según lo esperado sin emerger DoS'. • http://osvdb.org/35724 http://www.securityfocus.com/archive/1/466784/100/0/threaded http://www.securityfocus.com/archive/1/466795/100/0/threaded http://www.securityfocus.com/archive/1/466891/100/0/threaded http://www.securityfocus.com/bid/23644 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 7%CPEs: 1EXPL: 0

TippingPoint IPS running the TippingPoint Operating System (TOS) before 2.2.4.6519 allows remote attackers to "force the device into layer 2 fallback (L2FB)", causing a denial of service (page fault), via a malformed packet. TippingPoint IPS bajo TippingPoint Operating System (TOS) anterior a 2.2.4.6519 permite a atacantes remotos "forzar al dispositivo dentro de (L2FB) " (layer 2 fallback), provocando una denegación de servicio (fallo de pagina), a través de paquetes malformados. • http://secunia.com/advisories/21154 http://securityreason.com/securityalert/1286 http://securitytracker.com/id?1016562 http://www.3com.com/securityalert/alerts/3COM-06-003.html http://www.securityfocus.com/archive/1/440944/100/0/threaded http://www.securityfocus.com/bid/19125 http://www.vupen.com/english/advisories/2006/2956 https://exchange.xforce.ibmcloud.com/vulnerabilities/27934 • CWE-254: 7PK - Security Features •

CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 0

TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, and TOS 2.2.x before 2.2.1.6506, allow remote attackers to cause a denial of service (CPU consumption) via an unknown vector, probably involving an HTTP request with a negative number in the Content-Length header. TippingPoint Intrusion Prevention System (IPS) TOS en versiones anteriores a 2.1.4.6324 y TOS 2.2.x en versiones anteriores a 2.2.1.6506, permiten a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de un vector desconocido, probablemente involucrando una petición HTTP con un número negativo en la cabezera Content-Length. • http://isc.sans.org/diary.php?storyid=1042 http://secunia.com/advisories/18515 http://securitytracker.com/id?1015511 http://www.eweek.com/article2/0%2C1759%2C1912048%2C00.asp http://www.osvdb.org/22504 http://www.securityfocus.com/bid/16299 https://exchange.xforce.ibmcloud.com/vulnerabilities/24200 • CWE-399: Resource Management Errors •