TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

131

132

133

134

135

136

137

138

139

140

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

131

Signature ID: 1063

Anyform CGI Semicolon Vulnerability

Threat Level: Warning

Industry ID: CVE-1999-0066

Bugtraq: 719

Signature Description: Any Form is a popular perl CGI script, this support simple forms that deliver responses via

email. That is collects data from a WWW-Form and sends it to a specified e-mail address. <br>It can either use a

sendmail type program or directly contact a SMTP host via sockets to send messages. It can be used on any platform.

AnyForm versions 1.0 and 2.0 are vulnerable, these verions are not perform user supplied data sanity checking and

could be exploited by remote intruders to execute arbitrary commands. These commands were issued as the UID which

the web server runs as, typically 'nobody'. This rule detects unauthorized administrative access to the server or possible

execution of arbitrary code due to anform2 running in the webserver. John S. Roberts AnyForm 3.0 and John S.

Roberts AnyForm 4.0 are not vulnerable, so update any one version from this.

Signature ID: 1064

Archie access Vulnerability

Threat Level: Information

Signature Description: Archie is a program and used to search for file names on Internet FTP sites and recorded

information about the files. Archie applications are available from many major Internet sites. This rule will be trigger

when an attacker requesting the 'archie', then the attacker can gain unauthorized access and obtain sensitive

information.

Signature ID: 1065

Perlshop.cgi shopping cart program directory traversal vulnerability

Threat Level: Information

Industry ID: CVE-1999-1374

Signature Description: PerlShop.cgi allows remote users to access files in the web-root directory files via HTTP

request. This cgi procedures fails to check the authentications and allows all the users to access other than web-root, for

example /store/customers/ or /store/temp_customers/ directories, using this vulnerability remote attackers can view the

sensitive information of the affected system.

Signature ID: 1067

Ax-admin.cgi access Vulnerability

Threat Level: Information

Signature Description: Ax-admin scirpt creates a list of URL's. The list is hyperlinked. If may click on the link from

admin server and then jump right to site. And the URL might contain sensitive information. This rule will triggers

when an attacker access to the ax-admin.cgi script, an attacker can use this vulnerability to delete logs or overwrite

system files.

Signature ID: 1068

Axs.cgi access Vulnerability

Threat Level: Information

Signature Description: The AXS Script is a cgi or perl script that keeps track of the number, the source locations, the

clientinfo of visitors to http. It writes this data to an output file, named log.txt. This rule will triggers when an attacker

can access to the axs.cgi script. This successful exploitation can allow an attacker to gain sensitive information and

grabs the info about the visitors.