ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
exploited by an attacker to read an HTTPS request URL sent by Internet Explorer despite the use of an encrypted
connection. The vulnerable program is the dynamically linked library wininet.dll. Exploit attempts against this vulnerability
are detected using a combination of three signatures; this is the third signature, and it generates a log message.
Signature ID: 38071
Mozilla Firefox CSS Letter-Spacing Heap Overflow
Threat Level: Warning
Industry ID: CVE-2006-1730
Signature Description: There exists a heap-based buffer overflow vulnerability in Mozilla Firefox as well as other
Mozilla products. The vulnerability is caused by an integer overflow leading to an insufficient buffer allocation while
rendering the CSS spacing. A malicious attacker can exploit this vulnerability by enticing a user to open a specially
crafted web page, which may result in the injection and execution of arbitrary code on the target host. Assurent has not
been able to reliably reproduce this vulnerability in the 24-hour research period. The problematic program is the library
gklayout.dll, and the source code file is nsTextFrame.cpp. The problematic functions are ComputeTotalWordDimensions()
and ComputeWordFragmentDimensions(). The vulnerable parameter is the letter-spacing style attribute in HTML
documents.
Signature ID: 38072
F-Secure Products Web Console Buffer Overflow
Threat Level: Warning
Industry ID: CVE-2006-2838
Signature Description: There exists a buffer overflow vulnerability in the Web Console of multiple F-Secure products.
The vulnerability is caused by insufficient validation of the user-supplied data to the HTTP server hosting the console.
An unauthenticated attacker can exploit this vulnerability to cause a denial of service condition, or to inject and execute
arbitrary code with the security context of the vulnerable service, normally System. The vulnerable program is
fswebuid.exe. The vulnerable function is responsible for processing login parameters passed to it from the web
console. The vulnerable parameter is the userName CGI variable from the POST request. This signature detects attacks
on TCP port 25023.
Signature ID: 38073
F-Secure Products Web Console Buffer Overflow
Threat Level: Warning
Industry ID: CVE-2006-2838
Signature Description: There exists a buffer overflow vulnerability in the Web Console of multiple F-Secure products.
The vulnerability is caused by insufficient validation of the user-supplied data to the HTTP server hosting the console.
An unauthenticated attacker can exploit this vulnerability to cause a denial of service condition, or to inject and execute
arbitrary code with the security context of the vulnerable service, normally System. The vulnerable program is
fswebuid.exe. The vulnerable function is responsible for processing login parameters passed to it from the web
console. The vulnerable parameter is the userName CGI variable from the POST request. This signature detects attacks
on TCP port 1111.
Signature ID: 38075
RealPlayer RealMedia Security Bypass File access
Threat Level: Warning
Industry ID: CVE-2005-2055
Signature Description: A vulnerability exists in the way that the RealNetworks line of RealPlayer products handles
clip-encoded URLs. A malicious website can load a local HTML document within the Microsoft HTML viewer control in
the local zone security context by using a specially crafted RealMedia file. An attacker exploiting this flaw can bypass