TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack.

The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic.