ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
the csMailto.cgi script developed by CGIScript.net. csMailto is a Perl script designed to support multiple mailto: forms and also send and receive files. The script stores all the form configuration data in hidden fields in the actual form. An attacker can use this vulnerability to execute arbitrary commands via shell metacharacters in the form-attachment field. No remedy available as of September, 2008.
Signature ID: 727
Trend Micro OfficeScan cgiWebupdate.exe Disclosure Vulnerability
Threat Level: Information
Industry ID: CVE-2001-1150 Bugtraq: 3216 Nessus: 11722
Signature Description: Trend Micro OfficeScan is a centrally managed antivirus solution that allows administrators to manage virus and spyware protection in business environments. Trend Micro OfficeScan Corporate Edition (versions 3.5.2 through 3.5.4) could allow a remote attacker to read arbitrary files on the server because of a vulnerability in the cgiWebupdate.exe program. The issue is triggered by sending specially crafted requests to the Web management interface, which reads arbitrary files with IUSER privileges.
Signature ID: 728
CGIScript.net csPassword.CGI Information Disclosure Vulnerability
Threat Level: Information
Industry ID: CVE-2002-0917 CVE-2002-0918 Bugtraq: 4887,4885,4886,4889
Signature Description: CGIScript.net provides various webmaster-related tools. A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net. csPassword.cgi (csPassword version 1.0) stores .htpasswd files under the web document root, which could allow remote authenticated users to download the file and crack the passwords of other users. Apply the appropriate patch, which is available at the vendor's website.
Signature ID: 729
Brian Stanback bsguest.cgi Remote Command Execution Vulnerability
Threat Level: Information
Industry ID: CVE-2001-0099 Bugtraq: 2159
Signature Description: Bsguest.cgi is a script designed to coordinate guestbook submissions from website visitors. Brian Stanback bsguest.cgi, version 1.0.0, has an input validation vulnerability. The issue is triggered when the script fails to properly filter ";" characters from the user-supplied email address, which could allow a remote attacker to obtain the system's /etc/passwd file. The issue is fixed in version 3.0 or later. Administrators are advised to update to the latest version of bsguest.cgi (3.0 or later), which is available at the vendor's website.
Signature ID: 730
TalentSoft Web+ Directory Traversal Vulnerability
Threat Level: Information
Industry ID: CVE-2000-0282 Bugtraq: 1102
Signature Description: Talentsoft Web+ is an e-commerce server designed to run under a web server to provide web storefronts. It allows users to read arbitrary data files on the web server running the webpsvr daemon. The affected version of Talentsoft Web+ is 0.0.04.x. This rule triggers when an attacker sends a specially crafted URL to webplus in which the 'script' variable contains a .. (dot dot) sequence; an attacker can use this vulnerability to execute arbitrary data files on the web server. This issue is fixed in Talentsoft Web+ build 513 or later. Update to this version, available at the vendor's website, to remove the issue.
Signature ID: 731
DCForum Arbitrary cgforum.cgi Disclosure Vulnerability
Threat Level: Information
Industry ID: CVE-2000-1132 Bugtraq: 1951