3com tippingpoint_ips_tos Security Vulnerabilities

4 Vulnerabilities

Description
TippingPoint IPS running the TippingPoint Operating System (TOS) before 2.2.4.6519 allows remote attackers to "force the device into layer 2 fallback (L2FB)", causing a denial of service (page fault), via a malformed packet. Impacted versions: * Base Score: 5.0, Severity: MEDIUM, ID: CVE-2006-3678, Last Modified: 2018-10-18T16:48:00Z References Patch Patch
TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack. Impacted versions: 2.2, 2.1.4.6324, 2.5, 2.2.4, 2.2.2, 2.2.3, 2.1, 2.2.1, 2.5.1, 2.2.1.6506 Base Score: 7.5, Severity: HIGH, ID: CVE-2007-3701, Last Modified: 2018-10-15T21:29:00Z References Exploit Exploit Exploit Patch Patch Exploit
Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets. Impacted versions: 2.2.1, 2.1, 2.2, 2.5, 2.1.4.6324, 2.2.4, 2.2.2, 2.2.1.6506, 2.5.1, 2.2.3 Base Score: 7.5, Severity: HIGH, ID: CVE-2007-3711, Last Modified: 2018-10-15T21:29:00Z References Vendor Advisory Vendor Advisory
TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, and TOS 2.2.x before 2.2.1.6506, allow remote attackers to cause a denial of service (CPU consumption) via an unknown vector, probably involving an HTTP request with a negative number in the Content-Length header. Impacted versions: , 2.2.0.6504 Base Score:* 5.0, Severity: MEDIUM, ID: CVE-2006-0362, Last Modified: 2017-07-20T01:29:00Z References Patch Patch Patch

Description

TippingPoint IPS running the TippingPoint Operating System (TOS) before 2.2.4.6519 allows remote attackers to "force the device into layer 2 fallback (L2FB)", causing a denial of service (page fault), via a malformed packet.

Impacted versions: *

Base Score: 5.0, Severity: MEDIUM, ID: CVE-2006-3678, Last Modified: 2018-10-18T16:48:00Z

References

Patch Patch

TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack.

Impacted versions: 2.2, 2.1.4.6324, 2.5, 2.2.4, 2.2.2, 2.2.3, 2.1, 2.2.1, 2.5.1, 2.2.1.6506

Base Score: 7.5, Severity: HIGH, ID: CVE-2007-3701, Last Modified: 2018-10-15T21:29:00Z

References

Exploit Exploit Exploit Patch Patch Exploit

Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets.

Impacted versions: 2.2.1, 2.1, 2.2, 2.5, 2.1.4.6324, 2.2.4, 2.2.2, 2.2.1.6506, 2.5.1, 2.2.3

Base Score: 7.5, Severity: HIGH, ID: CVE-2007-3711, Last Modified: 2018-10-15T21:29:00Z

References

Vendor Advisory Vendor Advisory

TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, and TOS 2.2.x before 2.2.1.6506, allow remote attackers to cause a denial of service (CPU consumption) via an unknown vector, probably involving an HTTP request with a negative number in the Content-Length header.

Impacted versions: *, 2.2.0.6504

Base Score: 5.0, Severity: MEDIUM, ID: CVE-2006-0362, Last Modified: 2017-07-20T01:29:00Z

References

Patch Patch Patch

USAGE: Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.