Manualshelf

TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
1031103210331034103510361037103810391040
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1038
Signature ID: 37036
SQL Injection With SQL UNION statement
Threat Level: Severe
Industry ID: CVE-2008-2891
Signature Description: This Rule hits when http request argument consists of SQL Statement UNION, and UNION
statement in the format "any number of spaces(not encoded) followed with UNION statement.The purpose of the SQL
UNION command is to combine the results of two queries together. Attacker uses this SQL Statement to join his own
SQL Query. Successful attacker gains access on the affected system.
Signature ID: 37037
SQL Injection With SQL UNION statement
Threat Level: Severe
Industry ID: CVE-2008-2893
Signature Description: This Rule hits when http request argument consists of SQL Statement UNION. The purpose of
the SQL UNION command is to combine the results of two queries together. Attacker uses this SQL Statement to join
his own SQL Query. Successful attacker gains access on the affected system.and this rule hits when union statement
formed with comment starting characters / or \ followed with any number of spaces and with Union statement.
Signature ID: 37038
SQL Injection With MySQL Comment Statements
Threat Level: Severe
Industry ID: CVE-2008-2902
Signature Description: This Rule hits when http request argument consists of MySQL Comment Statement. we can
include a comment in a statement that describes the purpose of the statement within your application. With the
exception of hints, comments within SQL statements do not affect the statement execution. This starts with a slash and
an asterisk. Attacker uses this pattern to ignore the rest of SQL query. Successful attacker gains admin access on the
affected system
Signature ID: 37039
SQL Injection with SQL UNION Statement
Threat Level: Severe
Industry ID: CVE-2008-2916
Signature Description: This rule hits when http request argument consists of SQL UNION statement, UNION
statement is used to join two or more SQL Statements to form one single SQL statement, attacker uses this statement to
include his own SQL statement. Successful attempt allows attackers to gain the admin access on the affected
victim’s database. This signature detects attacks attackpattern with positive numbers.
Signature ID: 37040
SQL Injection with SQL Comment Statement
Threat Level: Severe
Industry ID: CVE-2008-2901
Signature Description: This Rule hits when http request argument consists of SQL Comments. Attacker uses comment
statements to bypass authentication. Successful attacker gains admin access on the affected system.
Signature ID: 37041
Cross-site Scripting by injecting HTML tags
Threat Level: Warning
Industry ID: CVE-2008-2861
CVE-2002-0938 CVE-2007-0589