TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
126
Signature ID: 1040
IWeb Hyperseek 2000 Directory Traversal Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0253 Bugtraq: 2314
Signature Description: IWeb Hyperseek Jackhammer is a Search Engine System. This Search Engine is a powerful
Perl based script which helpfull to create and manage an online Pay per click search engine on website with complete
support. The major features that are offered along with this script features include Category Structures of Unlimited
Depth, Top Rated Relevancy Matching, Adult Filtering, support of multiple paid incoming "backfill" feeds, eligible for
revenue sharing to your own affiliates.iWeb Systems HyperSeek 2000 version is vulnerable, when these verions are
using there is a chance to read arbitrary files and directories via directory traversal attack in the show parameter to
hsx.cgi script. patches are available at vendor website.
Signature ID: 1041
IWeb Hyperseek 2000 Directory Traversal Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0253 Bugtraq: 2314
Signature Description: Hyperseek Search Engine is industrial strength directory and search engine software. SQL
Database driven, feature-packed, web based configuration and setup, fully Template based customization. Designed for
speed, heavy traffic, and user friendliness. iWeb Systems HyperSeek 2000 version is vulnerable to directory traversal.
These versions software's hsx.cgi script does not validate properly the user given data, the request contains '../'
sequences and '%00' escape characters, the remote attackers are could send this type of specially-crafted URL requests
send to hsx.xgi script, then will disclose the directory listing and files and directories of the target(web server) with
read permissions.
Signature ID: 1042
WEB-CGI LWGate access Vulnerability
Threat Level: Information
Signature Description: LWGate is a CGI script, which allows WWW clients to send information to HTTP servers. It
uses PATH_INFO variable to know which 'page' of information you want. This rule triggered when an attacker access
to the LWGate script. This successful exploitation can allow an attacker to gain unauthorized administrative access to
the server or execute arbitrary code on the web server.
Signature ID: 1043
MDaemon form2raw.cgi access vulnerability
Threat Level: Warning
Bugtraq: 9317
Signature Description: Alt-N Technologies provides affordable Windows-based software, including an email server,
email antivirus and antispam protection, Outlook integration, and network fax management software. MDaemon
protects your users from spam and viruses, provides full security, includes seamless web access to your email via
WorldClient, remote administration. MDaemon/WorldClient Alt-N MDaemon 6.8.5 and below versions are vulnerable,
a malicious user(remote attacker) will send with more than 249 bytes in the "From" field to FROM2Raw.cgi script,
when processing that request by MDaemon will cause a Stack buffer overflow. Then the attacker can execute arbitrary
code in the context of the vulnerable software in order to gain unauthorized access. Patches are not available.
Signature ID: 1044
MDaemon form2cgi buffer overflow vulnerability
Threat Level: Severe
Bugtraq: 9317