CVE-2007-3711

Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0210.html
http://osvdb.org/35969
http://secunia.com/advisories/26017	Vendor Advisory
http://www.3com.com/securityalert/alerts/3COM-07-002.html	Vendor Advisory
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_3Com_TippingPoint_IPS_Detection_Bypass_2.pdf
http://www.securityfocus.com/archive/1/473394/100/0/threaded
http://www.securityfocus.com/bid/24861
http://www.securitytracker.com/id?1018386
http://www.vupen.com/english/advisories/2007/2489
https://exchange.xforce.ibmcloud.com/vulnerabilities/35343

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:3com:tippingpoint_ips_tos:2.1:::::::*
	cpe:2.3:o:3com:tippingpoint_ips_tos:2.1.4.6324:::::::*
	cpe:2.3:o:3com:tippingpoint_ips_tos:2.2:::::::*
	cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.1:::::::*
	cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.1.6506:::::::*
	cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.2:::::::*
	cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.3:::::::*
	cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.4:::::::*
	cpe:2.3:o:3com:tippingpoint_ips_tos:2.5:::::::*
	cpe:2.3:o:3com:tippingpoint_ips_tos:2.5.1:::::::*

History

No history.

Information

Published : 2007-07-11 23:30

Updated : 2018-10-15 21:29

NVD link : CVE-2007-3711

Mitre link : CVE-2007-3711

CVE.ORG link : CVE-2007-3711

JSON object : View

Products Affected

3com

tippingpoint_ips_tos

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2007-3711", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-07-11T23:30:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0210.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/35969", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26017", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.3com.com/securityalert/alerts/3COM-07-002.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_3Com_TippingPoint_IPS_Detection_Bypass_2.pdf", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/473394/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24861", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018386", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2489", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35343", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets."}, {"lang": "es", "value": "Vulnerabilidad no especificada en TOS 2.1.x, 2.2.x versiones anteriores a 2.2.5, y 2.5.x versiones anteriores a 2.5.2 en TippingPoint IPS permite a atacantes remotos evitar detecci\u00f3n al enviar determinados fragmentos de paquetes."}], "lastModified": "2018-10-15T21:29:56.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53E6DE7F-8507-4C37-A935-554D9F875C69"}, {"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.1.4.6324:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6654346B-3574-48D1-9A0B-2750D6FF4D96"}, {"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78E1B6D6-F779-451E-B4A9-E04D153F7F0C"}, {"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BCF4262-3F3F-44D7-BE61-1FDCF885C95F"}, {"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.1.6506:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "276F1810-A4E9-4621-A81A-19EED8146E60"}, {"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "272C0A76-2981-42EC-8D85-D33293BE96FD"}, {"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F789A9E-34D3-4C17-AAD3-9DA6B940FA45"}, {"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87DD0AC2-05E3-4BE7-8EB6-60FA011AA742"}, {"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B929C12-052F-4A42-B155-7A51152B902A"}, {"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F34B833-674E-4373-A9E1-62EA0A5F690E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}