TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

application running in the webserver by detecting /AT-generated.cgi content in the URI. Excite for Web Servers (EWS)
1.1 is prone to this vulnerability.
Signature ID: 1031
AlienForm2 CGI directory traversal vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0934
Bugtraq: 4983 Nessus: 11027
Signature Description: AlienForm2, developed by Jon Hedley, is a Web form to email gateway written in Perl.
AlienForm2 version 1.5 is vulnerable and could allow a remote attacker to traverse directories on the Web server.
A remote attacker sends a crafted URL request to the af.cgi script containing modified "dot dot" sequences
(such as .|.%2F) to traverse directories and manipulate arbitrary files on the server (view any file, append arbitrary
data to an existing file, and write arbitrary data to a new file on the target computer). This can lead to the disclosure
of sensitive system information, which may be used by an attacker to further compromise the system. No remedy
available as of August 2008.
Signature ID: 1032
Aplio Internet Phone Arbitrary Command Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0923 Bugtraq: 1784
Signature Description: The Aplio Internet Phone, from Aplio, is a VoIP device that works with the SIP and RTP
protocols. Aplio Internet Phone 2.0.33 is the vulnerable version. An attacker can send a specially crafted URL to the
device and execute commands in /bin/sh, because request URLs submitted to the device are not properly filtered for
shell metacharacters. An attacker could exploit this vulnerability to access the password stored in the configuration
file, and then connect to the device and perform additional attacks.
Signature ID: 1033
W3C Amaya Templates Server Directory Traversal Vulnerability
Threat Level: Severe
Industry ID: CVE-2001-0272 Bugtraq: 2504
Signature Description: W3C's Amaya is a WYSIWYG web browser and authoring program. A complementary package,
the templates server, provides the ability to retrieve templates from an Apache web server for use in Amaya-based
authoring. The W3C templates server for Amaya 1.1 is the vulnerable version. One of the scripts used by this server,
sendtemp.pl, is vulnerable to a simple directory traversal and file retrieval vulnerability. When it receives a request,
the script does not sufficiently parse the requested template file name. Remote attackers can specify a template
containing "dot dot" (../) sequences to traverse directories and retrieve arbitrary files. This is a non-priority
technology vulnerability.
Signature ID: 1034
Armada Master Index directory traversal Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0924 Bugtraq: 1772 Nessus: 10562
Signature Description: Master Index is a professional search engine similar to Yahoo and Alta Vista. This search engine
supports many features. Admins can set the script to add submissions automatically or to wait until they are confirmed
by the admin, and users can edit and delete their listings. Armada Design Master Index 1.0 is vulnerable and could allow
a remote attacker to traverse directories on the Web server. The 'catigory' variable passed to the search.cgi
script is not properly validated for "dot dot" (/../) sequences in URLs. No remedy available as of August 2008.