TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

101

102

103

104

105

106

107

108

109

110

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

105

Signature Description: DCForum is a complete web conferencing software for building and managing an online

discussion community. DCForum, version 6.0, is a denial of service vulnerability. CDForum could allow a remote

attacker to view arbitrary files on the server with the privileges of the 'nobody' user or web server. If the attacker

attempts to view the source code of the dcforum.cgi script, the script delete itself, causing a denial of service. This issue

is fixed in appropriate patch, available at vendor's web site.

Signature ID: 732

WEB-INF folder accessible vulnerability

Threat Level: Information

Industry ID: CVE-2000-1050

CVE-2001-0179 Bugtraq: 1830,5119 Nessus: 11037

Signature Description: The WEB-INF directory contains Java class files, detailed web application configuration

information, server side libraries, session information and files such as web.xml and webapp.properties. This rule

triggered when an attacker could send a specially-crafted URL request for a file /WEB-INF/ directory, an attacker can

use this vulnerability to retrive files located in the /WEB-INF/ directory.

Signature ID: 733

Sambar Server hello.bat Code Execution Vulnerability

Threat Level: Information

Industry ID: CVE-2000-0213 Bugtraq: 1002 Nessus: 10246

Signature Description: The Sambar Server is a multi-threaded HTTP, FTP and Proxy server for Windows NT and

Windows 95. Sambar Server,4.2.0beta 7, contains a flaw that may allow a malicious user to execute arbitrary code. The

issue is triggered when additional commands are appended to a request for the "hello.bat" file. An attacker can use this

vulnerability to read, modify, create, or delete any file or directory on the system, including user accounts. The issue is

fixed in the Sambar Server version 4.3Beta 8. Update this version for removing the issue, which available at vendor's

web site.

Signature ID: 734

Vpopmail-CGIApps 'vpasswd.cgi' Remote Command Execution Vulnerability

Threat Level: Information

Bugtraq: 6038 Nessus: 11165

Signature Description: Vpopmail is the virtual core of Mail::Toaster. All the user authentication, permissions, quota,

and other settings that related to email users and virtual domains is managed by vpopmail and it's collection of tools.

Vpopmail, version prior to 0.3, is a input validation vulnerability. This rule will triggers when an attacker could embed

arbitrary commands in the password form field using the semi-colon(;) in the vpopmail.cgi script. The vpopmail.cgi

script is used to change user passwords. The password is changed by calling the os.system() function. An attacker can

use this vulnerability to execute arbitrary commands on the web server. This issue is fixed in the version 0.3 or later.

Update this latest version of vpopmail-CgiApps, available at vendor's web site.

Signature ID: 735

Textcounter.pl Arbitrary Command Execution Vulnerability

Threat Level: Information

Industry ID: CVE-1999-1479 Bugtraq: 2265 Nessus: 11451

Signature Description: TextCounter requires Server Side Includes and will displays a text count of the number of

visitors to a page in web site. The affected version of Testcounter is 1.2. This rule will triggers when an attacker could

send specially-crafted URL request to the testcounter.pl script containing shell metacharacters, an attacker can use this

vulnerability to execute arbitrary code on the server with privileges of the server process. The issue is fixed in 1.2.1

version. The Administrator was advice to update latest version of TextCounter(1.2.1, 1.3.1 or later), available at

vendor's web site.