3Com TippingPoint IPS HTTP traffic denial of service
| tippingpoint-ips-http-traffic-dos (24200) |  Medium Risk |
Description:
TippingPoint IPS is vulnerable to a denial of service. A remote attacker could exploit this vulnerability using malformed HTTP traffic to cause the device to utilize a large amount of CPU resources.
Consequences:
Denial of Service
Remedy:
Upgrade to the latest version of TippingPoint OS (TOS), available from the TippingPoint Threat Management Center. See References.
References:
- TippingPoint Web site: Threat Management Center.
- BID-16299: 3Com TippingPoint IPS Remote Unspecified Denial Of Service Vulnerability
- CVE-2006-0362: TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, and TOS 2.2.x before 2.2.1.6506, allow remote attackers to cause a denial of service (CPU consumption) via an unknown vector, probably involving an HTTP request with a negative number in the Content-Length header.
- OSVDB ID: 22504: 3Com TippingPoint IPS Malformed HTTP Request DoS
- SA18515: TippingPoint IPS Device Denial of Service Vulnerability
- SECTRACK ID: 1015511: TippingPoint Intrusion Prevention System HTTP Processing Lets Remote Users Deny Service
Platforms Affected:
- 3Com TippingPoint IPS TOS 2.1.3.6323
- 3Com TippingPoint IPS TOS 2.2.0.6504
Reported:
Jan 19, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net