TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 736
NetWin WebNEWS Remote Buffer Overflow Vulnerability
Threat Level: Information
Industry ID: CVE-2002-0290 Bugtraq: 4124 Nessus: 11732
Signature Description: WebNEWS is a server-side application that provides users with web-based access to Internet
newsgroups. It is compatible with any standard NNTP news server system. WebNEWS version 1.1k and prior is
vulnerable to a buffer overflow. This rule triggers when an attacker sends a specially crafted URL request to
webnews.exe that includes a string of 1500 bytes or more in the 'group' parameter of a valid variable; a remote
attacker can use this vulnerability to overflow a buffer and execute arbitrary code on the system. The issue is fixed
by a patch; apply the available patch to remove this issue.
Signature ID: 739
WEB-CGI args.bat access vulnerability
Threat Level: Information
Industry ID: CVE-1999-1180 CVE-1999-1374 Nessus: 11465
Signature Description: This rule triggers when an attacker sends a URL request to the args.bat or the args.cmd
example file with shell metacharacters appended; an attacker can use this vulnerability to execute arbitrary commands
on the system. The affected versions of O'Reilly Web Site are 1.1e and 2.0. No remedy available as of September,
2008.
Signature ID: 740
Viralator CGI Input Validation Remote Shell Command Vulnerability
Threat Level: Information
Industry ID: CVE-2001-0849 Bugtraq: 3495 Nessus: 11107
Signature Description: Viralator is a Perl script that virus-scans HTTP/FTP download requests on a UNIX server after
they pass through the Squid proxy server. Viralator versions 0.7, 0.8, and 0.9pre1 do not properly filter
user-supplied CGI parameters. This rule triggers when an attacker sends a specially crafted URL request containing
escaped shell commands to the viralator.cgi script; an attacker can use this vulnerability to execute
arbitrary commands on the server. The issue is fixed in version 0.9pre2 or later. Administrators are advised to
update to the latest version of Viralator (0.9pre2 or later), available at the vendor's website.
Signature ID: 742
Netscape Enterprise Server REVLOG Command Access vulnerability
Threat Level: Information
Industry ID: CVE-2001-0251 Bugtraq: 2294
Signature Description: Netscape Enterprise Server is a web server used to host large-scale websites. This directory is
accessible by remote or local users without any authentication. Netscape Enterprise Server version 3.0.0 is vulnerable
to a denial of service. This rule triggers when an attacker connects to the server and submits the specially crafted
command 'REVLOG /HTTP/1.0' to cause the server to crash. No remedy available as of September, 2008.
Signature ID: 743
Ceilidh textcgi.exe cross-site scripting Vulnerability
Threat Level: Information
Industry ID: CVE-2003-1531 Bugtraq: 7214
Signature Description: Ceilidh is a Web-based threaded discussion engine that features automatic text-to-HTML
conversion, file attachment, e-mail notification, automatic message expiration, and multiple levels of security. Ceilidh
version 2.70 and prior is vulnerable to cross-site scripting. This rule triggers when an attacker creates a specially crafted
URL request containing malicious script to the test.cgi file. When the link is clicked or a user visits a malicious