CVE-2007-2734 - OpenCVE

The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
3com	3crtpx505-73 3crx506-96 Tippingpoint 200 Tippingpoint 200e Tippingpoint 2400e Tippingpoint 50 Tippingpoint 5000e Tippingpoint 600e

Configuration 1 [-]

OR	cpe:2.3:h:3com:3crtpx505-73::::::::
	cpe:2.3:h:3com:3crx506-96::::::::
	cpe:2.3:h:3com:tippingpoint_200::::::::
	cpe:2.3:h:3com:tippingpoint_200e::::::::
	cpe:2.3:h:3com:tippingpoint_2400e::::::::
	cpe:2.3:h:3com:tippingpoint_50::::::::
	cpe:2.3:h:3com:tippingpoint_5000e::::::::
	cpe:2.3:h:3com:tippingpoint_600e::::::::

No data.

References

Link	Providers
http://osvdb.org/35968
http://secunia.com/advisories/25302
http://securityreason.com/securityalert/2712
http://www.3com.com/securityalert/alerts/3COM-07-001.html
http://www.gamasec.net/english/gs07-01.html
http://www.kb.cert.org/vuls/id/739224
http://www.securityfocus.com/archive/1/468633/100/0/threaded
http://www.vupen.com/english/advisories/2007/1817

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-16T22:00:00

Updated: 2024-08-07T13:49:57.318Z

Reserved: 2007-05-16T00:00:00

Link: CVE-2007-2734

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-05-16T22:30:00.000

Modified: 2018-10-16T16:45:17.150

Link: CVE-2007-2734

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-14T00:00:00", "descriptions": [{"lang": "en", "value": "The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "VU#739224", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/739224"}, {"name": "2712", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2712"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.3com.com/securityalert/alerts/3COM-07-001.html"}, {"name": "25302", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25302"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gamasec.net/english/gs07-01.html"}, {"name": "35968", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35968"}, {"name": "ADV-2007-1817", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1817"}, {"name": "20070515 GS07-01 Full-Width and Half-Width Unicode Encoding IDS/IPS/WAF Bypass Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/468633/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2734", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#739224", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/739224"}, {"name": "2712", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2712"}, {"name": "http://www.3com.com/securityalert/alerts/3COM-07-001.html", "refsource": "CONFIRM", "url": "http://www.3com.com/securityalert/alerts/3COM-07-001.html"}, {"name": "25302", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25302"}, {"name": "http://www.gamasec.net/english/gs07-01.html", "refsource": "MISC", "url": "http://www.gamasec.net/english/gs07-01.html"}, {"name": "35968", "refsource": "OSVDB", "url": "http://osvdb.org/35968"}, {"name": "ADV-2007-1817", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1817"}, {"name": "20070515 GS07-01 Full-Width and Half-Width Unicode Encoding IDS/IPS/WAF Bypass Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/468633/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:49:57.318Z"}, "title": "CVE Program Container", "references": [{"name": "VU#739224", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/739224"}, {"name": "2712", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2712"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.3com.com/securityalert/alerts/3COM-07-001.html"}, {"name": "25302", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25302"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.gamasec.net/english/gs07-01.html"}, {"name": "35968", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35968"}, {"name": "ADV-2007-1817", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1817"}, {"name": "20070515 GS07-01 Full-Width and Half-Width Unicode Encoding IDS/IPS/WAF Bypass Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/468633/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2734", "datePublished": "2007-05-16T22:00:00", "dateReserved": "2007-05-16T00:00:00", "dateUpdated": "2024-08-07T13:49:57.318Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:3com:3crtpx505-73:*:*:*:*:*:*:*:*", "matchCriteriaId": "95D2832C-ABB1-471C-9BBF-FD02DF937CB8", "vulnerable": true}, {"criteria": "cpe:2.3:h:3com:3crx506-96:*:*:*:*:*:*:*:*", "matchCriteriaId": "C638E694-5A18-4D06-8810-633819C47231", "vulnerable": true}, {"criteria": "cpe:2.3:h:3com:tippingpoint_200:*:*:*:*:*:*:*:*", "matchCriteriaId": "A351AE89-754D-4170-BC4E-CD2C8262824B", "vulnerable": true}, {"criteria": "cpe:2.3:h:3com:tippingpoint_200e:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D28E50D-36E0-485E-AA78-7D7520FBFC2B", "vulnerable": true}, {"criteria": "cpe:2.3:h:3com:tippingpoint_2400e:*:*:*:*:*:*:*:*", "matchCriteriaId": "60660614-196A-4F80-B21E-2FE41ACAA69D", "vulnerable": true}, {"criteria": "cpe:2.3:h:3com:tippingpoint_50:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF5ED78C-D90E-4921-893D-D5877BA2E170", "vulnerable": true}, {"criteria": "cpe:2.3:h:3com:tippingpoint_5000e:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7CBF1D4-5446-4900-90E1-722DE3A19D20", "vulnerable": true}, {"criteria": "cpe:2.3:h:3com:tippingpoint_600e:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A8D2B29-E70D-4B2F-AB23-46AB3263FD6B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic."}, {"lang": "es", "value": "3Com TippingPoint IPS no maneja adecuadamente ciertas codificaciones de caracteres Unicode de ancho total (full-width) o mitad de ancho (half-width) en una petici\u00f3n HTTP POST, lo cual podr\u00eda permitir a atacantes remotos evadir la detecci\u00f3n de tr\u00e1fico HTTP."}], "id": "CVE-2007-2734", "lastModified": "2018-10-16T16:45:17.150", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-05-16T22:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/35968"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25302"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2712"}, {"source": "cve@mitre.org", "url": "http://www.3com.com/securityalert/alerts/3COM-07-001.html"}, {"source": "cve@mitre.org", "url": "http://www.gamasec.net/english/gs07-01.html"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/739224"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/468633/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1817"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}