ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
commands on this host. In addition to this, there is a flaw in this CGI which may allow an attacker to use this CGI to
scan remote web servers. This CGI is also vulnerable to cross-site scripting issues.
Signature ID: 722
AT-admin.cgi Access vulnerability
Threat Level: Information
Industry ID: CVE-1999-1072
Signature Description: Excite for Web Servers (EWS) is a web server that lets visitors easily explore and search a web site using a new generation of navigation technology. It allows Web administrators to add "smart search" capabilities to their home pages. Excite for Web Servers 1.1 is a vulnerable version. This rule triggers when an HTTP request is sent to AT-admin.cgi. An attacker can use this vulnerability to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file. No remedy is available.
Signature ID: 723
Ion-p Remote File Disclosure Vulnerability
Threat Level: Information
Industry ID: CVE-2002-1559 Bugtraq: 6091 Nessus: 11729
Signature Description: ION Script is a language used to create IDL-driven Web documents. On the Net (ION) version 1.4.0 contains a file disclosure vulnerability. This rule triggers when a specially crafted URL request is sent to the 'ion-p' script using the 'page' variable. An attacker can use this vulnerability to obtain information or download files from the system. No remedy was available as of September 2008.
Signature ID: 724
WEB-MISC VsSetCookie.exe access vulnerability
Threat Level: Information
Industry ID: CVE-2002-0236 Bugtraq: 3784 Nessus: 11731
Signature Description: VitalNet is part of Lucent's VitalSuite SP product family. It allows users to monitor, analyze, manage and predict the performance of their network infrastructure. The affected version of VitalNet is 8.0. This rule triggers when an attacker attempts to bypass authentication via a direct HTTP request to the VsSetCookie.exe program. An attacker can use this vulnerability to gain unauthorized access to the web server.
Signature ID: 725
Talentsoft Web+ Source Code Disclosure Vulnerability
Threat Level: Information
Bugtraq: 1722
Signature Description: Talentsoft Web+ is an e-commerce server designed to run under a web server to provide web storefronts. A flaw in it allows users to read arbitrary data files on the Web server running the webpsvr daemon. The affected version of Talentsoft Web+ is 4.6. This rule triggers when a request is sent to the webplus.exe CGI application with "?script=<name of the file>::$DATA" appended to the end of the request. An attacker can use this vulnerability to view the source code of WML files, which may contain sensitive information such as datasource, table names, user names, and passwords, and also to retrieve the source code of other server-side scripts, such as Active Server Pages (ASP files). The issue is fixed in Web+ build 542 or later. An update that fixes this issue is available at the vendor's web site.
Signature ID: 726
CGIScript.NET csMailto Hidden Form Field Remote Command Execution Vulnerability
Threat Level: Information
Industry ID: CVE-2002-0749 Bugtraq: 4579,6265 Nessus: 11748
Signature Description: CGIScript.net provides various webmaster related tools. A vulnerability has been reported in