CVE-2007-3711

Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0210.html
http://osvdb.org/35969
http://secunia.com/advisories/26017	Vendor Advisory
http://www.3com.com/securityalert/alerts/3COM-07-002.html	Vendor Advisory
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_3Com_TippingPoint_IPS_Detection_Bypass_2.pdf
http://www.securityfocus.com/archive/1/473394/100/0/threaded
http://www.securityfocus.com/bid/24861
http://www.securitytracker.com/id?1018386
http://www.vupen.com/english/advisories/2007/2489
https://exchange.xforce.ibmcloud.com/vulnerabilities/35343
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0210.html
http://osvdb.org/35969
http://secunia.com/advisories/26017	Vendor Advisory
http://www.3com.com/securityalert/alerts/3COM-07-002.html	Vendor Advisory
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_3Com_TippingPoint_IPS_Detection_Bypass_2.pdf
http://www.securityfocus.com/archive/1/473394/100/0/threaded
http://www.securityfocus.com/bid/24861
http://www.securitytracker.com/id?1018386
http://www.vupen.com/english/advisories/2007/2489
https://exchange.xforce.ibmcloud.com/vulnerabilities/35343

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:3com:tippingpoint_ips_tos:2.1:::::::*
	cpe:2.3:o:3com:tippingpoint_ips_tos:2.1.4.6324:::::::*
	cpe:2.3:o:3com:tippingpoint_ips_tos:2.2:::::::*
	cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.1:::::::*
	cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.1.6506:::::::*
	cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.2:::::::*
	cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.3:::::::*
	cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.4:::::::*
	cpe:2.3:o:3com:tippingpoint_ips_tos:2.5:::::::*
	cpe:2.3:o:3com:tippingpoint_ips_tos:2.5.1:::::::*

History

21 Nov 2024, 00:33

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0210.html -~~	() http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0210.html -
References	~~() http://osvdb.org/35969 -~~	() http://osvdb.org/35969 -
References	~~() http://secunia.com/advisories/26017 - Vendor Advisory~~	() http://secunia.com/advisories/26017 - Vendor Advisory
References	~~() http://www.3com.com/securityalert/alerts/3COM-07-002.html - Vendor Advisory~~	() http://www.3com.com/securityalert/alerts/3COM-07-002.html - Vendor Advisory
References	~~() http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_3Com_TippingPoint_IPS_Detection_Bypass_2.pdf -~~	() http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_3Com_TippingPoint_IPS_Detection_Bypass_2.pdf -
References	~~() http://www.securityfocus.com/archive/1/473394/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/473394/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/24861 -~~	() http://www.securityfocus.com/bid/24861 -
References	~~() http://www.securitytracker.com/id?1018386 -~~	() http://www.securitytracker.com/id?1018386 -
References	~~() http://www.vupen.com/english/advisories/2007/2489 -~~	() http://www.vupen.com/english/advisories/2007/2489 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/35343 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/35343 -

Information

Published : 2007-07-11 23:30

Updated : 2025-04-09 00:30

NVD link : CVE-2007-3711

Mitre link : CVE-2007-3711

CVE.ORG link : CVE-2007-3711

JSON object : View

Products Affected

3com

tippingpoint_ips_tos

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2007-3711", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-07-11T23:30:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0210.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/35969", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26017", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.3com.com/securityalert/alerts/3COM-07-002.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_3Com_TippingPoint_IPS_Detection_Bypass_2.pdf", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/473394/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24861", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018386", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2489", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35343", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0210.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/35969", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/26017", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.3com.com/securityalert/alerts/3COM-07-002.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_3Com_TippingPoint_IPS_Detection_Bypass_2.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/473394/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/24861", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1018386", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/2489", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35343", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets."}, {"lang": "es", "value": "Vulnerabilidad no especificada en TOS 2.1.x, 2.2.x versiones anteriores a 2.2.5, y 2.5.x versiones anteriores a 2.5.2 en TippingPoint IPS permite a atacantes remotos evitar detecci\u00f3n al enviar determinados fragmentos de paquetes."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53E6DE7F-8507-4C37-A935-554D9F875C69"}, {"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.1.4.6324:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6654346B-3574-48D1-9A0B-2750D6FF4D96"}, {"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78E1B6D6-F779-451E-B4A9-E04D153F7F0C"}, {"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BCF4262-3F3F-44D7-BE61-1FDCF885C95F"}, {"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.1.6506:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "276F1810-A4E9-4621-A81A-19EED8146E60"}, {"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "272C0A76-2981-42EC-8D85-D33293BE96FD"}, {"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F789A9E-34D3-4C17-AAD3-9DA6B940FA45"}, {"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87DD0AC2-05E3-4BE7-8EB6-60FA011AA742"}, {"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B929C12-052F-4A42-B155-7A51152B902A"}, {"criteria": "cpe:2.3:o:3com:tippingpoint_ips_tos:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F34B833-674E-4373-A9E1-62EA0A5F690E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10