TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

101

102

103

104

105

106

107

108

109

110

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

107

website, the script code will be executed in the user's browser session. An attacker could use this vulnerability to steal

the victim's cookie-based authentication credentials. No remedy available as of September, 2008.

Signature ID: 745

Webadmin.dll detection vulnerability

Threat Level: Information

Industry ID: CVE-2003-0471 CVE-2003-1463 Bugtraq: 7438,8024 Nessus: 11771

Signature Description: WebAdmin is a web application to administer MDaemon and RelayFax. it can be run on its

own or as an ISAPI application under Microsoft Internet Information Service(IIS). WebAdmin, version prior to 2.0.3,

is a path traversal vulnerability. This rule will triggers when an attacker could send a specially-crafted URL request to

the WebAdmin.dll file, an attacker can use this vulnerability to gain unauthorized access to any file on the system. This

issue is fixed in the version 2.0.3 or later. Update this fixed version, available at vendor's web site.

Signature ID: 746

Sambar Server echo.bat Code Execution Vulnerability

Threat Level: Information

Industry ID: CVE-2000-0213 Bugtraq: 1002 Nessus: 10246

Signature Description: The Sambar Server is a multi-threaded HTTP, FTP and Proxy server for Windows NT and

Windows 95. Sambar Server,4.2.0beta 7, contains a flaw that may allow a malicious user to execute arbitrary code. The

issue is triggered when additional commands are appended to a request for the "echo.bat" file. An attacker can use this

vulnerability to read, modify, create, or delete any file or directory on the system, including user accounts. The issue is

fixed in the Sambar Server version 4.3Beta 8. Update this version for removing the issue, which available at vendor's

web site.

Signature ID: 747

Oracle 9iAS PORTAL_DEMO ORG_CHART Vulnerability

Threat Level: Warning

Nessus: 11918

Signature Description: Oracle9i Application Server Wireless Edition (Oracle9i AS Wireless Edition) allows carriers,

enterprises, and Internet companies to wirelessly enable. In the installation of Oracle 9iAS, it is possible to access a

demo (PORTAL_DEMO.ORG_CHART) via mod_plsql. Access to these pages should be restricted, because it may be

possible to abuse this demo for SQL Injection attacks.

Signature ID: 748

Fpcount.exe Buffer Overflow Vulnerability

Threat Level: Information

Industry ID: CVE-1999-1376 Bugtraq: 2252 Nessus: 11370

Signature Description: Fpcount.exe is site visit counter included with the Internet Information Server. IIS(Internet

Information Server) is a group of Internet servers(including a Web or Hypertext Transfer Protocol server and a File

Transfer Protocol server). It is developed by Microsoft. Microsoft Internet Information Server, version 4.0, is a buffer

overflow vulnerability. A vulnerability in the package could allow a user to execute arbitrary code on a running server.

The problem lies in a buffer overflow in the fpcount.exe binary. It is possible to exploit the buffer overflow in

fpcount.exe remotely, thus overwriting stack variables, including the return address.

Signature ID: 749

WEB-MISC IBM Net.Commerce orderdspc.d2w access vulnerability

Threat Level: Information

Industry ID: CVE-2001-0319 Bugtraq: 2350

Signature Description: IBM Net.Commerce enables businesses to quickly, easily, and securely conduct electronic