TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
125
Signature ID: 1035
CCBill WhereAmI.CGI Remote Arbitrary Command Execution Vulnerability
Threat Level: Information
Bugtraq: 8095
Signature Description: CCBill uses a CGI called whereami.cgi for its technical support needs, a vulnerability in the
CGI it allows remote attackers to execute commands. Whereami.cgi is not properly validating the types of input
parameters. Because of this, an attacker may be able to gain access to a system with the privileges of the web server
process. It is possible to supply system commands to the "g" parameter to WhereAmI.CGI(whereami.cgi?g=command
format in a URL). Supplied commands can list file names, show the contents of the password file, or install a back
door. No remedy is available as of august 2008.
Signature ID: 1037
Emumail Webmail Cross Site Scripting Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-2334 Bugtraq: 9861
Signature Description: EMUMAIL is a group of talented programmers, designers, and business types, united to bring
custom tailored, cutting edge technology to the cookie-cutter electronic messaging industry. EMUMAIL designs and
builds communications infrastructure for ISPs, corporations, individuals, and organizations worldwide. EMU Webmail
5.2.7 is vulnerable, this will not validating properly the user input passed parameters before it is returned. This can be
exploited to execute arbitrary HTML and script code in a user's current browser session in context of an affected site.
Finally it may allows an attacker to carry out cross-site scripting. No remedy available as of August 2008.
Signature ID: 1038
EMU Webmail init.emu path disclosure vulnerability
Threat Level: Warning
Industry ID: CVE-2004-2385 CVE-2004-2334 Bugtraq: 9861
Signature Description: EMUMAIL is a group of talented programmers, designers, and business types, united to bring
custom tailored, cutting edge technology to the cookie-cutter electronic messaging industry. EMUMAIL designs and
builds communications infrastructure for ISPs, corporations, individuals, and organizations worldwide. EMU Webmail
5.2.7 is vulnerable, this will not validating properly the user input passed parameters before it is returned. This can be
exploited to execute arbitrary HTML and script code in a user's current browser session in context of an affected site. A
remote attacker requests the init.emu script without parameters, which contains the installation path of EMU Webmail.
which will disclose the physical path of the script resulting in a loss of confidentiality. No remedy available as of
August 2008.
Signature ID: 1039
FormHandler.cgi Directory Traversal Vulnerability
Threat Level: Severe
Industry ID: CVE-1999-1050
Bugtraq: 798,799 Nessus: 10075
Signature Description: FormHandler takes care of all of basic tasks while offering some advanced features that allow
to easily use forms to send requested files to a visitor via email create Web-based email interfaces, administer simple
mailing lists. Matt Wright FormHandler.cgi 2.0 is vulnerable, these versions are allowing attackers to read all files on
the server that the CGI script has read access to, including the /etc/passwd file. An attacker could save the templates as
files that reference absolute pathnames in the form document. Once an <br>attacker clicks submit on the local form, the
FormHandler CGI would email the /etc/passwd file to the specified email address. No remedy available as of August
2008.