3COM-07-003
TippingPoint™ IPS Extended Unicode Evasion

July 10, 2007

CVE ID:
Not yet assigned.

Affected Vendor:
3Com TippingPoint

Affected Products:
TippingPoint IPS running TOS versions 2.1 & 2.2.0 - 2.2.4

Severity Assessment:
Moderate

Vulnerability Details:
3Com has identified an evasion in the TippingPoint IPS product. This evasion may allow remote attackers to bypass detection of some types of malicious web traffic on affected installations.

Update Availability:
This issue has been addressed in various TOS releases, as indicated for each affected product below.

  • X-Family devices prior to 2.5.0.6682.
  • IPS devices 50, 100E, 200, 200E, 400, 1200, 2400, prior to 2.5.1.6833.
  • IPS devices 600E, 1200E, 2400E or 5000E, prior to 2.5.2.6919.
We recommend, however, that customers upgrade to the latest TOS release. Customers can obtain an update from the Threat Management Center: http://tmc.tippingpoint.com.

Workarounds:
Disable Unicode encoding support for exposed web servers.

Credit:
This issue was reported by Paul Craig of Security-Assessment.com.

Support:
Technical support is available by contacting TippingPoint Technical Support at 866-681-8324.