ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
craft an HTTP request that causes a buffer overflow condition on the web server and can overwrite system memory
with data included in the URL. The remote attacker sends a large amount of data. Normally, in some CGI programs,
user-supplied data is written to a statically sized array; if the received data is larger than the declared array size,
a buffer overflow will occur and overwrite adjacent areas of stack memory. If return pointers are overwritten,
arbitrary code may be executed as the vulnerable process.
Signature ID: 1103
EZNE.NET Ezboard 2000 Remote Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0263 CVE-2002-0749 Bugtraq: 4068,4579 Nessus: 11748
Signature Description: Easyboard is a guestbook script that uses a text file for data storage; the display can be
tweaked by setting variables, and the script is a single piece of code that is inserted into a PHP page. EZNE.net
ezboard version 1.27 is vulnerable: in this version, the server's 'ezman.cgi' script allows a malicious user (remote
attacker) to craft an HTTP request that causes a buffer overflow condition on the web server and can overwrite
system memory with data included in the URL. The remote attacker sends a large amount of data. Normally, in some
CGI programs, user-supplied data is written to a statically sized array; if the received data is larger than the
declared array size, a buffer overflow will occur and overwrite adjacent areas of stack memory. If return pointers
are overwritten, arbitrary code may be executed as the vulnerable process.
Signature ID: 1104
FAQManager.CGI NULL Character Arbitrary File Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0380 Bugtraq: 3810,1154 Nessus: 10387,10837
Signature Description: FAQManager.cgi is a Perl script that maintains a FAQ (Frequently Asked Questions) list via a
web interface. It runs on most Unix/Linux and Microsoft Windows platforms. FAQManager does not properly
validate certain types of input in incoming requests to the web server. It is possible to append a NULL character
(%00) to a web request and display the contents of an arbitrary web-readable file. FAQManager.cgi
versions 2.2.5 and prior are vulnerable. Patches are available at the vendor website.
Signature ID: 1105
LakeWeb Filemail CGI script remote arbitrary code execution vulnerability
Threat Level: Information
Industry ID: CVE-1999-1154
Signature Description: FileSeek.cgi is an example script that locates and downloads files on a web server, available in
"The CGI/Perl Cookbook." It contains two vulnerabilities due to erroneous parsing. An attacker could use "....//" in
the HEAD or FOOT parameter of an HTTP request to fileseek.cgi to view arbitrary files on the server, or could use a
similar method to execute shell commands on the web server.
Signature ID: 1106
FileSeek CGI Script File Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0611 CVE-2002-0749 Bugtraq: 4579,6784 Nessus: 11748
Signature Description: FileSeek.cgi is an example script that locates and downloads files on a web server. Wiley
Computer Publishing Craig Patchett FileSeek2.cgi and Wiley Computer Publishing Craig Patchett FileSeek.cgi are
vulnerable: in these versions, the FileSeek.cgi script does not properly validate user input to its parameters. A remote
attacker can send an HTTP request with "../" or "..//" in the HEAD or FOOT parameter to fileseek.cgi to view arbitrary
files on the server, or could use a similar method to execute shell commands on the web server. Apply the patch for this
vulnerability, as listed in the DSINet Advisory.
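The request patterns described in signatures 1104 to 1106 can be checked against web server logs with a short script. The following is an added example, not part of the guide and not the TMS zl module's signature logic. The sample requests, file paths and the parameter name `file` are constructed, and `strip_once` is an assumed illustration of the "erroneous parsing" the guide mentions.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the FileSeek entries (1105, 1106); matched case-insensitively.
FILESEEK_PARAMS = {"head", "foot"}


def strip_once(value):
    """Single-pass '../' removal: an ASSUMED form of the 'erroneous parsing'.

    It shows why the nested form '....//' is called out: one pass leaves '../'.
    """
    return value.replace("../", "")


def inspect_request(url):
    """Return sorted findings for one request URL (path plus query string)."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    findings = set()
    # parse_qsl percent-decodes once, so %00 arrives here as '\x00'.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if "\x00" in value:
            findings.add("null-byte:" + name)
        if (script.startswith("fileseek")
                and name.lower() in FILESEEK_PARAMS
                and "../" in value):
            # '../', '..//' and '....//' all contain the substring '../'.
            findings.add("traversal:" + name)
    return sorted(findings)


# Constructed sample requests (hypothetical paths and parameter values).
SAMPLES = [
    "/cgi-bin/fileseek.cgi?head=header.html&foot=footer.html",
    "/cgi-bin/fileseek.cgi?HEAD=....//....//conf/site.cfg&foot=footer.html",
    "/cgi-bin/fileseek2.cgi?head=header.html&FOOT=..//conf/site.cfg",
    "/cgi-bin/FAQManager.cgi?file=notes.txt%00",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_request(sample), sample)
    print(repr(strip_once("....//conf/site.cfg")))
```

Matching on the decoded parameter value rather than the raw request line is what lets the same check cover `%00` and all three traversal forms quoted in the descriptions.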