CVE-2007-2734 - OpenCVE

The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
3com	Tippingpoint 600e Tippingpoint 50 Tippingpoint 5000e 3crtpx505-73 3crx506-96 Tippingpoint 2400e Tippingpoint 200e Tippingpoint 200

Configuration 1 [-]

OR	cpe:2.3:h:3com:3crtpx505-73::::::::
	cpe:2.3:h:3com:3crx506-96::::::::
	cpe:2.3:h:3com:tippingpoint_200::::::::
	cpe:2.3:h:3com:tippingpoint_200e::::::::
	cpe:2.3:h:3com:tippingpoint_2400e::::::::
	cpe:2.3:h:3com:tippingpoint_50::::::::
	cpe:2.3:h:3com:tippingpoint_5000e::::::::
	cpe:2.3:h:3com:tippingpoint_600e::::::::

References

Link	Resource
http://osvdb.org/35968
http://secunia.com/advisories/25302	Patch Vendor Advisory
http://securityreason.com/securityalert/2712
http://www.3com.com/securityalert/alerts/3COM-07-001.html
http://www.gamasec.net/english/gs07-01.html
http://www.kb.cert.org/vuls/id/739224	US Government Resource
http://www.securityfocus.com/archive/1/468633/100/0/threaded
http://www.vupen.com/english/advisories/2007/1817

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-16T22:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-05-16T00:00:00

Link: CVE-2007-2734

JSON object: View

NVD Information

Status : Modified

Published: 2007-05-16T22:30:00.000

Modified: 2018-10-16T16:45:17.150

Link: CVE-2007-2734

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-14T00:00:00", "descriptions": [{"lang": "en", "value": "The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "VU#739224", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/739224"}, {"name": "2712", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2712"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.3com.com/securityalert/alerts/3COM-07-001.html"}, {"name": "25302", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25302"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gamasec.net/english/gs07-01.html"}, {"name": "35968", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35968"}, {"name": "ADV-2007-1817", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1817"}, {"name": "20070515 GS07-01 Full-Width and Half-Width Unicode Encoding IDS/IPS/WAF Bypass Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/468633/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2734", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#739224", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/739224"}, {"name": "2712", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2712"}, {"name": "http://www.3com.com/securityalert/alerts/3COM-07-001.html", "refsource": "CONFIRM", "url": "http://www.3com.com/securityalert/alerts/3COM-07-001.html"}, {"name": "25302", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25302"}, {"name": "http://www.gamasec.net/english/gs07-01.html", "refsource": "MISC", "url": "http://www.gamasec.net/english/gs07-01.html"}, {"name": "35968", "refsource": "OSVDB", "url": "http://osvdb.org/35968"}, {"name": "ADV-2007-1817", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1817"}, {"name": "20070515 GS07-01 Full-Width and Half-Width Unicode Encoding IDS/IPS/WAF Bypass Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/468633/100/0/threaded"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2734", "datePublished": "2007-05-16T22:00:00", "dateReserved": "2007-05-16T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:3com:3crtpx505-73:*:*:*:*:*:*:*:*", "matchCriteriaId": "95D2832C-ABB1-471C-9BBF-FD02DF937CB8", "vulnerable": true}, {"criteria": "cpe:2.3:h:3com:3crx506-96:*:*:*:*:*:*:*:*", "matchCriteriaId": "C638E694-5A18-4D06-8810-633819C47231", "vulnerable": true}, {"criteria": "cpe:2.3:h:3com:tippingpoint_200:*:*:*:*:*:*:*:*", "matchCriteriaId": "A351AE89-754D-4170-BC4E-CD2C8262824B", "vulnerable": true}, {"criteria": "cpe:2.3:h:3com:tippingpoint_200e:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D28E50D-36E0-485E-AA78-7D7520FBFC2B", "vulnerable": true}, {"criteria": "cpe:2.3:h:3com:tippingpoint_2400e:*:*:*:*:*:*:*:*", "matchCriteriaId": "60660614-196A-4F80-B21E-2FE41ACAA69D", "vulnerable": true}, {"criteria": "cpe:2.3:h:3com:tippingpoint_50:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF5ED78C-D90E-4921-893D-D5877BA2E170", "vulnerable": true}, {"criteria": "cpe:2.3:h:3com:tippingpoint_5000e:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7CBF1D4-5446-4900-90E1-722DE3A19D20", "vulnerable": true}, {"criteria": "cpe:2.3:h:3com:tippingpoint_600e:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A8D2B29-E70D-4B2F-AB23-46AB3263FD6B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic."}, {"lang": "es", "value": "3Com TippingPoint IPS no maneja adecuadamente ciertas codificaciones de caracteres Unicode de ancho total (full-width) o mitad de ancho (half-width) en una petici\u00f3n HTTP POST, lo cual podr\u00eda permitir a atacantes remotos evadir la detecci\u00f3n de tr\u00e1fico HTTP."}], "id": "CVE-2007-2734", "lastModified": "2018-10-16T16:45:17.150", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-05-16T22:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/35968"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25302"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2712"}, {"source": "cve@mitre.org", "url": "http://www.3com.com/securityalert/alerts/3COM-07-001.html"}, {"source": "cve@mitre.org", "url": "http://www.gamasec.net/english/gs07-01.html"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/739224"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/468633/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1817"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}