CVE-2007-3701
TippingPoint IPS - Unicode Character Detection Bypass
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack.
TippingPoint IPS versiones anteriores a 20070710 no maneja apropiadamente el alternativo codificado en hexadecimal de un caracter '/' (barra), lo cual podría permitir a atacantes remotos enviar determinado tráfico de red y evitar la detección, como se demuestra con un ataque de cmd.exe.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-07-10 First Exploit
- 2007-07-11 CVE Reserved
- 2007-07-11 CVE Published
- 2024-05-14 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064550.html | Mailing List | |
| http://osvdb.org/35970 | Vdb Entry | |
| http://secunia.com/advisories/26013 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/473311/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1018361 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/2490 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35336 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/30287 | 2007-07-10 | |
| http://security-assessment.com/files/advisories/2007-07-11_Tippingpoint_IPS_Signature_Evasion.pdf | 2024-08-07 | |
| http://www.securityfocus.com/bid/24855 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.3com.com/securityalert/alerts/3COM-07-003.html | 2018-10-15 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tippingpoint Search vendor "Tippingpoint" | Tipping Point Search vendor "Tippingpoint" for product "Tipping Point" | 50 Search vendor "Tippingpoint" for product "Tipping Point" and version "50" | - |
Affected
| ||||||
| Tippingpoint Search vendor "Tippingpoint" | Tipping Point Search vendor "Tippingpoint" for product "Tipping Point" | 200 Search vendor "Tippingpoint" for product "Tipping Point" and version "200" | - |
Affected
| ||||||
| Tippingpoint Search vendor "Tippingpoint" | Tipping Point Search vendor "Tippingpoint" for product "Tipping Point" | 200e Search vendor "Tippingpoint" for product "Tipping Point" and version "200e" | - |
Affected
| ||||||
| Tippingpoint Search vendor "Tippingpoint" | Tipping Point Search vendor "Tippingpoint" for product "Tipping Point" | 400 Search vendor "Tippingpoint" for product "Tipping Point" and version "400" | - |
Affected
| ||||||
| Tippingpoint Search vendor "Tippingpoint" | Tipping Point Search vendor "Tippingpoint" for product "Tipping Point" | 600e Search vendor "Tippingpoint" for product "Tipping Point" and version "600e" | - |
Affected
| ||||||
| Tippingpoint Search vendor "Tippingpoint" | Tipping Point Search vendor "Tippingpoint" for product "Tipping Point" | 1200 Search vendor "Tippingpoint" for product "Tipping Point" and version "1200" | - |
Affected
| ||||||
| Tippingpoint Search vendor "Tippingpoint" | Tipping Point Search vendor "Tippingpoint" for product "Tipping Point" | 1200e Search vendor "Tippingpoint" for product "Tipping Point" and version "1200e" | - |
Affected
| ||||||
| Tippingpoint Search vendor "Tippingpoint" | Tipping Point Search vendor "Tippingpoint" for product "Tipping Point" | 2400e Search vendor "Tippingpoint" for product "Tipping Point" and version "2400e" | - |
Affected
| ||||||
| Tippingpoint Search vendor "Tippingpoint" | Tipping Point Search vendor "Tippingpoint" for product "Tipping Point" | 5000e Search vendor "Tippingpoint" for product "Tipping Point" and version "5000e" | - |
Affected
| ||||||
| Tippingpoint Search vendor "Tippingpoint" | Tipping Point Search vendor "Tippingpoint" for product "Tipping Point" | sms Search vendor "Tippingpoint" for product "Tipping Point" and version "sms" | - |
Affected
| ||||||
| Tippingpoint Search vendor "Tippingpoint" | Tipping Point Search vendor "Tippingpoint" for product "Tipping Point" | x505 Search vendor "Tippingpoint" for product "Tipping Point" and version "x505" | - |
Affected
| ||||||
| Tippingpoint Search vendor "Tippingpoint" | Tipping Point Search vendor "Tippingpoint" for product "Tipping Point" | x506 Search vendor "Tippingpoint" for product "Tipping Point" and version "x506" | - |
Affected
| ||||||
| Tippingpoint Search vendor "Tippingpoint" | Tipping Point Search vendor "Tippingpoint" for product "Tipping Point" | zpha Search vendor "Tippingpoint" for product "Tipping Point" and version "zpha" | - |
Affected
| ||||||
| 3com Search vendor "3com" | Tippingpoint Ips Tos Search vendor "3com" for product "Tippingpoint Ips Tos" | 2.1 Search vendor "3com" for product "Tippingpoint Ips Tos" and version "2.1" | - |
Affected
| ||||||
| 3com Search vendor "3com" | Tippingpoint Ips Tos Search vendor "3com" for product "Tippingpoint Ips Tos" | 2.1.4.6324 Search vendor "3com" for product "Tippingpoint Ips Tos" and version "2.1.4.6324" | - |
Affected
| ||||||
| 3com Search vendor "3com" | Tippingpoint Ips Tos Search vendor "3com" for product "Tippingpoint Ips Tos" | 2.2 Search vendor "3com" for product "Tippingpoint Ips Tos" and version "2.2" | - |
Affected
| ||||||
| 3com Search vendor "3com" | Tippingpoint Ips Tos Search vendor "3com" for product "Tippingpoint Ips Tos" | 2.2.1 Search vendor "3com" for product "Tippingpoint Ips Tos" and version "2.2.1" | - |
Affected
| ||||||
| 3com Search vendor "3com" | Tippingpoint Ips Tos Search vendor "3com" for product "Tippingpoint Ips Tos" | 2.2.1.6506 Search vendor "3com" for product "Tippingpoint Ips Tos" and version "2.2.1.6506" | - |
Affected
| ||||||
| 3com Search vendor "3com" | Tippingpoint Ips Tos Search vendor "3com" for product "Tippingpoint Ips Tos" | 2.2.2 Search vendor "3com" for product "Tippingpoint Ips Tos" and version "2.2.2" | - |
Affected
| ||||||
| 3com Search vendor "3com" | Tippingpoint Ips Tos Search vendor "3com" for product "Tippingpoint Ips Tos" | 2.2.3 Search vendor "3com" for product "Tippingpoint Ips Tos" and version "2.2.3" | - |
Affected
| ||||||
| 3com Search vendor "3com" | Tippingpoint Ips Tos Search vendor "3com" for product "Tippingpoint Ips Tos" | 2.2.4 Search vendor "3com" for product "Tippingpoint Ips Tos" and version "2.2.4" | - |
Affected
| ||||||
| 3com Search vendor "3com" | Tippingpoint Ips Tos Search vendor "3com" for product "Tippingpoint Ips Tos" | 2.5 Search vendor "3com" for product "Tippingpoint Ips Tos" and version "2.5" | - |
Affected
| ||||||
| 3com Search vendor "3com" | Tippingpoint Ips Tos Search vendor "3com" for product "Tippingpoint Ips Tos" | 2.5.1 Search vendor "3com" for product "Tippingpoint Ips Tos" and version "2.5.1" | - |
Affected
| ||||||