TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

111

112

113

114

115

116

117

118

119

120

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

117

Signature ID: 1000

Mozilla JavaScript URL Arbitrary Cookie Access Vulnerability

Threat Level: Warning

Bugtraq: 5293

Signature Description: Mozilla is an open source web browser available for a number of platforms, including

Microsoft Windows and Linux. Mozilla browser 0.9.2 is vulnerable to a cookie access vulnerability. A successful

exploitation of this vulnerability will allow an attacker to gaining access to sensitive cookie data, including

authentication credentials. This rule generates an event when an attacker sent cookie pattern to the http server. This

vulnerability is fixed in Mozilla browser 1.1 version. Administrators are advised to upgrade 1.1 or later version to

resolve this vulnerability.

Signature ID: 1001

Javacript document.domain execution vulnerability

Threat Level: Warning

Industry ID: CVE-2002-0815 Bugtraq: 5346

Signature Description: Implementations of Javascript in multiple browsers on multiple platforms contain an error that

may lead to a user inadvertantly running Javascript code of attackers choice. Microsoft, Internet Explorer6 and prior

versions, Mozilla 1.0 and prior versions are vulnerable. These browsers may allows a remote web server to access

HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the

restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-

controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.

Patches are available <br>at vendor's websites.

Signature ID: 1002

Microsoft Extended Metafile in URI Vulnerability

Threat Level: Warning

Bugtraq: 9707

Signature Description: Microsoft Internet Explorer (MSIE), commonly abbreviated to IE, is a series of graphical web

browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems. Microsoft

Windows XP Professional SP1 and prior versions are vulnerable. Microsoft Windows Explorer for these versions may

be prone to a multiple memory corruption vulnerabilities including a heap based overflow and an integer overflow. The

issues exist in the Metafile processing code. A malformed header may cause a DoS condition to occur. It may also be

possible for an attacker to execute code their choice on a vulnerable host.

Signature ID: 1004

Symantec Norton AntiSpam 2004 LaunchCustomRuleWizard buffer overflow vulnerability

Threat Level: Warning

Industry ID: CVE-2004-0363 Bugtraq: 9916

Signature Description: Symantec AntiSpam with AntiVirus makes email more secure and productive, providing

enterprises with an advanced antispam and email threat defense plus AntiVirus protection (powered by the Symantec

AntiVirus engine). Symantec Norton AntiSpam 2004 is vulnerable, stack-based buffer overflow in the

SymSpamHelper ActiveX component (symspam.dll), as used in Norton Internet Security 2004, allows remote attackers

to execute arbitrary code via a long parameter to the LaunchCustomRuleWizard method.

Signature ID: 1005

OUTLOOK EML gain access Vulnerability

Threat Level: Information

Signature Description: Outlook Express is designed for users to gain access to their e-mail messages by dialing in to an

Internet Service Provider. It provides full support all popular mail standards such as SMTP, POP3, IMAP, LDAP,