CVE-2007-2734

Description

The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic.

Affected products

• 3com / 3crtpx505-73
• 3com / 3crx506-96
• 3com / tippingpoint_200
• 3com / tippingpoint_200e
• 3com / tippingpoint_2400e
• 3com / tippingpoint_50
• 3com / tippingpoint_5000e
• 3com / tippingpoint_600e

References

• MISChttp://www.kb.cert.org/vuls/id/739224
• MISChttp://securityreason.com/securityalert/2712
• MISChttp://www.3com.com/securityalert/alerts/3COM-07-001.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/25302
• MISChttp://www.gamasec.net/english/gs07-01.html
• MISChttp://osvdb.org/35968
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/1817
• MISChttp://www.securityfocus.com/archive/1/468633/100/0/threaded