TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

111

112

113

114

115

116

117

118

119

120

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

112

software development. It offers strong support for integration with other languages and tools, comes with extensive

standard libraries. This is an attempt to execute a arbitrary python script outside its designated web root or cgi-bin, by

issuing bin/python command to the web server.

Signature ID: 916

Bin/tclsh command web execute vulnerability

Threat Level: Severe

Signature Description: Tclsh is a shell-like application that reads Tcl commands from its standard input or from a file

and evaluates them. If invoked with no arguments then it runs interactively, reading Tcl commands from standard input

and printing command results and error messages to standard output. It runs until the exit command is invoked or until

it reaches end-of-file on its standard input. This rule will triggers when an attempt is made to send an bin/tclsh pattern

via web clients.

Signature ID: 917

Cc command web execute vulnerability

Threat Level: Warning

Signature Description: This is an attempt to compile a C or C++ source file on a host. The "cc" command is the GNU

project's C and C++ compiler used to compile C and C++ source files into executable binary files. The attacker could

possibly compile a program needed for other attacks on the system or install a binary program of his choosing. This

rule generates an event when an attacker sent "cc" pattern to the http server.

Signature ID: 918

Chgrp command web execute vulnerability

Threat Level: Warning

Signature Description: This is an attempt to change file permissions on a machine. Using "chgrp" command an attacker

may change the permissions of a file to suit his own needs, make a file readable, writeable or excutable to other groups

and users that would otherwise not have these special permissions. Logs will be generated for this signature when

"/bin/chrp" pattern is sent to http server.

Signature ID: 919

Chmod command web execute vulnerability

Threat Level: Severe

Signature Description: This is an attempt to change file permissions on a machine. Using "chmod" command an

attacker may change the permissions of a file to suit his own needs, make a file readable, writeable or excutable to

other groups and users that would otherwise not have these special permissions. Logs will be generated for this

signature when "/bin/chmod" pattern is sent to http server.

Signature ID: 920

Chown command web execute vulnerability

Threat Level: Warning

Signature Description: This is an attempt to change file ownership permissions on a machine. Using "chown"

command an attacker may change the permissions of a file to suit his own needs, make a file owned by another user

who would otherwise not have these special permissions. Logs will be generated for this signature when "chown"

pattern is sent to http server.