TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

101

102

103

104

105

106

107

108

109

110

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

108

commerce on the World Wide Web. IBM Net.Commerce, version 3.1.2, could allow an attacker to gain access to

sensitive information. This issue triggered when an attacker could send a specially-crafted HTTP request to the

orderdspc.d2w macro to gain access to sensitive information in the Net.Commerce database. An attacker can use this

vulnerability to gain access to administrative accounts and user password files. The issue is fixed in the version 3.2 or

later. The administrator advice to update the latest version of IBM Net.Commerce(3.2 or later), available at vendor's

web site.

Signature ID: 750

Ad.cgi Unchecked Input Vulnerability

Threat Level: Information

Industry ID: CVE-2001-0025

Bugtraq: 2103

Signature Description: Ad.cgi is an ad rotation script freely available. Leif M. Wright's ad.cgi, version 1.0, is a

unchecked input vulnerability. This rule will triggers when an attacker could send a specially-crafted URL request to

the ad.cgi script contains a FORM variable that fails to properly check user-supplied input, an attacker can use this

vulnerability to execute arbitrary commands on the system with privileges of the Web server. No remedy available as

of September, 2008.

Signature ID: 751

Mozilla Bonsai multidiff.cgi access vulnerability

Threat Level: Information

Industry ID: CVE-2003-0153 Bugtraq: 5517

Signature Description: Mozilla Bonsai is a tool that allows a user to perform queries on the contents of a CVS archive.

Bonsai, version 1.3.0, is a path disclosure vulnerability. This rule will triggers when an attacker could send a request for

the multidiff.cgi script to cause an error message to be returned that would contain the physical path to the requested

script, an attacker can use this vulnerability to obtain sensitive information.

Signature ID: 752

Stalkerlab's Mailers 1.1.2 CGI Mail Spoofing Vulnerability

Threat Level: Information

Industry ID: CVE-2000-0726 Bugtraq: 1623

Signature Description: Stalker Lab's Mailers package for Windows NT contains the CGImail.exe program, which is

used to convert the contents of an HTML form to an email. Due to specific values in the file it is possible for a user to

save the web page to disk and modify different variables such as the $To$, $Attach$ and the $File$ variables cause the

program to send any file saved on the web server to the user, an attacker can use this vulnerability to gain access to

confidential data. The affected version of Stalkerlab Mailers 1.1.2 and later. No remedy available as of September,

2008.

Signature ID: 753

WEB-PHP readmsg.php access vulnerability

Threat Level: Information

Industry ID: CVE-2001-1408 Nessus: 11073

Signature Description: The Cobalt Qube was a computer server appliance product line. Cobalt Qube 3 WebMail,

version 2.0.1, is a directory traversal vulnerability in readmsg.php. This issue triggered when an attacker can send a

specially-crafted URL to the readmsg.php script containing "dot dot" sequences(/../) to traverse directories in the

mailbox parameter, an attacker can use this vulnerability to view the contents of files readable by the web server user.

No remedy available as of September, 2008.