TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

131

132

133

134

135

136

137

138

139

140

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

136

Signature ID: 1089

IBM Net.Data db2www.cgi Buffer overflow vulnerability

Threat Level: Warning

Industry ID: CVE-2000-0677

Signature Description: IBM Net.Data is a scripting language used to create web applications, it supports a wide range

of language environments and is compatible with most recognized databases.Net. Data contains a vulnerability which

reveals server information. IBM, Net.Data 6.1 is is vulnerable, when a malicious user (remote attacker) requesting a

specially crafted URL(that contains long value to PATH_INFO variables), by way of the CGI application, this verions

does not validating properly this type of requests, the server comprised of an <br>invalid request and known database,

then the attacker will reveal the physical path of server files. Successful exploitation of this vulnerability could assist in

further attacks against the victim host. Patches are available at vendor website.

Signature ID: 1090

DCForum dcboard.cgi Remote Admin Privilege Compromise Vulnerability

Threat Level: Warning

Industry ID: CVE-2001-0527 Bugtraq: 2728 Nessus: 10583

Signature Description: DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based

threaded discussion forums. DC Scripts DCForum 2000 1.0 and DC Scripts DCForum 6.0 are vulnerable, DCForum

does not validate properly this user-supplied input information. As a result, an attacker can cause a corruption of the

script's user records by providing a value for the last name field which includes URL-encoded pipes and newlines. By

appending desired values to the last name field, an attacker can insert account information for a new user, and specify

admin privileges.

Signature ID: 1091

Dfire.cgi access vulnerability

Threat Level: Information

Industry ID: CVE-1999-0913 Bugtraq: 564

Signature Description: The Dragon-Fire IDS remote web interface under version 1.0 has an insecure CGI script which

allows for users to remotely execute commands as the user nobody. And This signature detects an HTTP URL request

for the Dragonfire CGI script file dfire.cgi with a pipe "|" character in one of its arguments.This could lead to a remote

compromise of the system running Dragon-Fire.

Signature ID: 1092

Netwin DNews News Server dnewsweb.cgi Buffer Overflow Vulnerability

Threat Level: Warning

Industry ID: CVE-2000-0423 CVE-2002-0749 Bugtraq: 1172,4579 Nessus: 11748

Signature Description: Netwin DNEWS Web Server is advanced news server software that makes it easy to provide

users with fast access to Internet news groups. Installing own local news server software also gives to user complete

control to create user's own private or public discussion forums for enhanced communications across the organization

and Internet. NetWin DNews 5.3 version is vulnerable, a malicious user(remote attacker) will send a specially-crafted

overly long arguments request NetWin DNews dnewsweb.cgi script (including but not limited to "group," "cmd," and

"utag"), a buffer overflow condition will occur. This can lead to the remote execution of arbitrary code. patches may

available at vendor website.

Signature ID: 1093

IBM Net.Data document.d2w Path Disclosure Vulnerability

Threat Level: Warning

Industry ID: CVE-2000-1110 Bugtraq: 2017