ProCurve TMS zl Module IPS/IDS Signature Reference Guide, Version RLX.10.2.2.94
the credentials of a client host connecting to the services offered on a host server. This can lead to unauthorized access
and possibly escalated privileges to that of the administrator. Data stored on the machine can be compromised and trust
relationships between the victim server and other hosts can be exploited by the attacker.
Signature ID: 935
Perl Web Execution Vulnerability
Threat Level: Warning
Signature Description: This is an attempt to execute a Perl script on a host. Perl is a scripting language that is available
on a wide variety of platforms. By default, Perl code runs with full access to all libraries and built-in commands available
to the language. When combined with the access permissions of the user executing the script, the consequences of
running arbitrary code can be devastating.
Signature ID: 936
Ping command web execute vulnerability
Threat Level: Warning
Signature Description: This rule generates an event when a "ping" command is used over a plain-text (unencrypted)
connection on one of the specified web ports to the target web server. The "ping" command may be used to perform
information gathering activities.
Signature ID: 937
/bin/ps command web execute vulnerability
Threat Level: Information
Signature Description: The ps command lists the status of running processes on a UNIX or Linux based
system. Using "ps", an attacker can check for running system services to exploit or for the presence of
security software, such as host IDS or monitoring scripts. The attacker could possibly gain information needed for other
attacks on the system. This rule triggers when an attempt is made to send a /bin/ps pattern to an HTTP web server.
Signature ID: 938
WEB-ATTACKS python access vulnerability
Threat Level: Warning
Industry ID: CVE-2005-3302
Bugtraq: 17663
Signature Description: This is an attempt to execute a Python script on a host. Python is a scripting language that is
available on a wide variety of platforms. By default, Python code runs with full access to all libraries and built-in
commands available to the language. When combined with the access permissions of the user executing the script, the
consequences of running arbitrary code can be devastating. Logs are generated for this signature when a python
pattern is sent to the HTTP server.
Signature ID: 939
Remove (rm) Command in URI vulnerability
Threat Level: Warning
Signature Description: This is an attempt to remove files on a machine. Using the "rm" command, an attacker may delete
files on a machine. The attacker can make a standard HTTP request that contains "rm" in the URI, which can then delete
files present on the host. This command may also be issued on a command line should the attacker gain access to
the machine. This rule generates an event when an attacker sends an "rm" command to the HTTP server.
Signature ID: 940
Tclsh web execution vulnerability
Threat Level: Warning
Signature Description: This is an attempt to execute a 'tclsh' command or script on a webserver. tclsh is a shell