2 results (0.004 seconds)

CVSS: 7.5EPSS: 3%CPEs: 10EXPL: 0

Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets. Vulnerabilidad no especificada en TOS 2.1.x, 2.2.x versiones anteriores a 2.2.5, y 2.5.x versiones anteriores a 2.5.2 en TippingPoint IPS permite a atacantes remotos evitar detección al enviar determinados fragmentos de paquetes. • http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0210.html http://osvdb.org/35969 http://secunia.com/advisories/26017 http://www.3com.com/securityalert/alerts/3COM-07-002.html http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_3Com_TippingPoint_IPS_Detection_Bypass_2.pdf http://www.securityfocus.com/archive/1/473394/100/0/threaded http://www.securityfocus.com/bid/24861 http://www.securitytracker.com/id?1018386 http://www.vupen.com/english/advisories/2007/2489 htt • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 10%CPEs: 23EXPL: 3

TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack. TippingPoint IPS versiones anteriores a 20070710 no maneja apropiadamente el alternativo codificado en hexadecimal de un caracter '/' (barra), lo cual podría permitir a atacantes remotos enviar determinado tráfico de red y evitar la detección, como se demuestra con un ataque de cmd.exe. • https://www.exploit-db.com/exploits/30287 http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064550.html http://osvdb.org/35970 http://secunia.com/advisories/26013 http://security-assessment.com/files/advisories/2007-07-11_Tippingpoint_IPS_Signature_Evasion.pdf http://www.3com.com/securityalert/alerts/3COM-07-003.html http://www.securityfocus.com/archive/1/473311/100/0/threaded http://www.securityfocus.com/bid/24855 http://www.securitytracker.com/id?1018361 http:/&#x • CWE-20: Improper Input Validation •