TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 754
HTTP Client [shellscript_js.php Clientside] Vulnerability
Threat Level: Information
Signature Description: HTTP (HyperText Transfer Protocol) is a stateless and object-oriented protocol standard for
distributed hypermedia systems, around which the World Wide Web is based. There is a vulnerability in Internet
Explorer. This rule triggers when an attacker sends a specially crafted URL request to the shellscript_js.php
script. An attacker can use this vulnerability to execute arbitrary code on the web server and view a malicious web
page.
Signature ID: 755
HTTP Client [msits.exe Backdoor] vulnerability
Threat Level: Information
Signature Description: HTTP (HyperText Transfer Protocol) is a stateless and object-oriented protocol standard for
distributed hypermedia systems, around which the World Wide Web is based. There is a vulnerability in Internet
Explorer. This rule triggers when an attacker sends a specially crafted URL request to msits.exe. An attacker
can use this vulnerability to execute arbitrary code on the web server and view a malicious web page.
Signature ID: 757
WebDAV SEARCH Overflow vulnerability
Threat Level: Information
Industry ID: CVE-2003-0109 Bugtraq: 7116 Nessus: 11413,11412
Signature Description: WebDAV (Web-based Distributed Authoring and Versioning) is a set of extensions to the Hypertext
Transfer Protocol (HTTP) that allows users to collaboratively edit and manage files on remote World Wide Web
servers. Microsoft Windows contains a dynamic link library (DLL) named ntdll.dll. The IIS WebDAV component
utilizes ntdll.dll when processing incoming WebDAV requests. WebDAV in Microsoft IIS version 5.0 has a buffer
overflow vulnerability. The issue is triggered when an attacker sends a specially crafted long HTTP SEARCH request.
An attacker can use this vulnerability to overflow a buffer and execute arbitrary code on the system.
Signature ID: 900
Htgroup file access vulnerability
Threat Level: Information
Signature Description: The attacker tries to gain intelligence on the user and administration groups used on a web
server. The attacker could possibly gain information needed for other attacks from the .htgroup file which lists the
groups allowed to access resources on a web server. This rule triggers when an attempt is made to send an htgroup
pattern to an HTTP web server.
Signature ID: 901
/bin/ls command web vulnerability
Threat Level: Information
Signature Description: The ls command lists the files and file system layout on a UNIX or Linux based system. The
attacker could possibly gain information needed for other attacks on the host by using the ls command. This rule
triggers when an attempt is made to send a /bin/ls pattern to an HTTP web server.
Signature ID: 903
/bin/ps command web vulnerability
Threat Level: Warning
Signature Description: This rule hits on /bin/sh with white space characters given as %20, + or a blank space. The ps
command lists the process status of running processes on a UNIX or Linux based system. Using "ps", the attackers