TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
102
Signature ID: 717
CGIScript.net csNews Header File Type Restriction Bypass Vulnerability
Threat Level: Information
Industry ID: CVE-2002-0923 Bugtraq: 4994 Nessus: 11726
Signature Description: CsNews is a script for managing news items on a website. It is used on most Unix, Linux and
Microsoft Windows operating systems. This rule will triggers when an attacker could sending a specially-crafted URL
request to the csNews.cgi script that containing double URL encoded characters to access the 'Advanced Settings' page,
once the attacker gain access to the 'Advanced Settings' page, modified values could be set using the header and footer
fields, which could allow the attacker to view arbitrary files or execute arbitrary commands. The vulnerable version of
csNews is 1.0.0. No remedy available as of September, 2008.
Signature ID: 718
Netwin CWMail Buffer Overflow Vulnerability
Threat Level: Information
Industry ID: CVE-2002-0273 CVE-2000-0828 Bugtraq: 4093,1657 Nessus: 11727
Signature Description: CWMail is a web-email gateway which allows to read and process new email from a web
browser running on any machine with access to the internet. CWMail version prior to 2.8 are a buffer overflow
vulnerability. This rule will triggers when an attacker sending an overly large string to the 'item=' parameter using the
forward option, a remote attacker could use this vulnerability to overflow a buffer and execute arbitrary code on the
system. The issue is fixed in the version 2.8a or later. The Administrator advised to update the latest version of
CWMail(2.8a or later), available at vendor's website.
Signature ID: 719
Trend Micro InterScan eManager register.dll Buffer Overflow Vulnerability
Threat Level: Information
Industry ID: CVE-2001-0958 Bugtraq: 3327 Nessus: 11747
Signature Description: Trend Micro InterScan eManager is an application that inspects email traffic flowing into and
out of a network for confidential or inappropriate material entering and/or leaving the network. This application has the
capability to inspect, modify, and/or block email at the border of the enterprise. Trend Micro InterScan version 3.51
and 3.51J is a buffer overflow vulnerability. This rule will triggers when an attacker cold sending a long arguments to
the register.dll, an attacker can use this vulnerability to overflow a buffer and execute arbitrary code on the system.
Signature ID: 720
Sun NetDynamics Session ID Hijacking Vulnerability
Threat Level: Information
Industry ID: CVE-2001-0922 Bugtraq: 3583 Nessus: 11730
Signature Description: NetDynamics is an application server platform designed to provide a comprehensive solution
for enterprise level portal applications. The vulnerable versions of NetDynamics are 4.x through 5.x. This rule triggered
when a user logs in, the session ID remains valid for up to 15 seconds, an attacker mappings to hijack the session with
knowledge of NetDynamics command. An attacker can use this vulnerability to execute arbitrary commands on the
system with privileges of the hijacked account. No remedy available as of July, 2008.
Signature ID: 721
Nph exploitscanget.cgi access vulnerability
Threat Level: Information
Bugtraq: 7911,7910,7913 Nessus: 11740
Signature Description: Infinity CGI Exploit Scanner is a web-based CGI vulnerability scanner, implemented in perl
and stored under the name 'nph-exploitscanget.cgi'. There is a flaw in this CGI which lets an attacker execute arbitrary