TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Matt Wright GuestBook 2.3 allows remote command execution, including display of any files to which the web
server has read access. Philip Chinery's Guestbook 1.1 does not filter script code from form fields. As a result, it is
possible for an attacker to inject script code into pages that are generated by the guestbook. Additionally, script code is
not filtered from URL parameters, making the guestbook prone to cross-site scripting attacks.
Signature ID: 83
Access to vulnerable cgi script 'Handler'
Threat Level: Severe
Industry ID: CVE-1999-0148 Bugtraq: 380 Nessus: 10100
Signature Description: IRIX is a computer operating system developed by Silicon Graphics, Inc. to run natively on
their 32- and 64-bit MIPS architecture workstations and servers. A vulnerability exists in the cgi-bin program 'handler',
as included by Silicon Graphics in their Irix operating system. This vulnerability will allow a remote attacker to execute
arbitrary commands on the vulnerable host as the user the web server is running as. This can easily result in a user
being able to access the system. SGI IRIX 6.4, SGI IRIX 6.3, SGI IRIX 6.2, SGI IRIX 5.3 are vulnerable.
Signature ID: 84
Home Free search.cgi directory traversal vulnerability
Threat Level: Severe
Industry ID: CVE-2000-0054 Bugtraq: 921
Signature Description: Home Free is a suite of Perl cgi scripts that allow a website to support user contributions of
various types. In Solution Scripts Home Free 1.0 one of the scripts, search.cgi, accepts a parameter called 'letter' which
can be any text string. The supplied argument can contain the '../' string, which the script will process. This can be used
to obtain directory listings and the first line of files outside of the intended web filesystem. It is possible to read
arbitrary files on the remote server by requesting: GET /cgi-bin/search.cgi?letter=\\..\\..\\.....\\file_to_read. An attacker
may use this flaw to read arbitrary files on this server.
Signature ID: 86
Access to vulnerable cgi 'htdig'
Threat Level: Warning
Industry ID: CVE-2000-0208 CVE-2001-0834 CVE-2000-1191 Bugtraq: 1026,3410 Nessus: 10105
Signature Description: The ht://Dig system is a complete world wide web indexing and searching system for a domain
or intranet developed at San Diego State University. The 'htsearch' CGI, which is part of the htdig package (ht://Dig),
suffers from many flaws. It allows a malicious user to view any file on the target computer by enclosing the file name
with backticks (`) in parameters to htsearch (CVE-2000-0208). The htsearch program in htdig 3.1.5 and earlier allows
remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial
of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an
alternate configuration file that specifies the target file (CVE-2001-0834). It also allows remote attackers to determine
the physical path of the server by requesting a non-existent configuration file using the config parameter, which
generates an error message that includes the full path (CVE-2000-1191).
Signature ID: 87
Access to vulnerable cgi 'htgrep'
Threat Level: Severe
Industry ID: CVE-2000-0832 Nessus: 10495
Signature Description: Htgrep allows you to query any document accessible to your server on a
paragraph-by-paragraph basis. It can search plain text, HTML and Refer bibliography files. It is a set of cgi-bin scripts
written in Perl. The Htgrep CGI program allows remote attackers to read arbitrary files by specifying the full pathname
in the 'hdr' parameter, e.g. http://www.example.com/cgi-bin/htgrep/file=index.html&hdr=/etc/passwd.
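
Added example (not part of the guide and not the module's own signature logic): a log-side check for the request shapes described under signatures 83, 84, 86 and 87. The /cgi-bin/ prefix, the function names and the sample request lines are assumptions constructed for illustration; the htsearch check covers only the backtick case.

```python
import re
from urllib.parse import unquote

# Constructed sample request lines (illustrative, not captured traffic).
SAMPLE_REQUESTS = [
    "GET /cgi-bin/search.cgi?letter=..%2F..%2Ffile_to_read HTTP/1.0",
    "GET /cgi-bin/search.cgi?letter=a HTTP/1.0",
    "GET /cgi-bin/htgrep/file=index.html&hdr=/etc/passwd HTTP/1.0",
    "GET /cgi-bin/htsearch?words=%60file_to_read%60 HTTP/1.0",
    "GET /cgi-bin/handler HTTP/1.0",
    "GET /index.html HTTP/1.0",
]

TRAVERSAL = re.compile(r"\.\.[/\\]")  # "../" or "..\" after URL-decoding


def split_request(line):
    """Return (script name, decoded parameters) for a CGI request line."""
    parts = line.split()
    m = re.search(r"/cgi-bin/([^/?]+)(.*)", parts[1]) if len(parts) > 1 else None
    if not m:
        return "", {}
    params = {}
    # Parameters may follow "?" or sit in the path info after "/", as in the
    # htgrep request quoted in the guide, so both are parsed the same way.
    for pair in re.split(r"[?&]", m.group(2).lstrip("/?")):
        key, sep, value = pair.partition("=")
        if sep:
            params[unquote(key)] = unquote(value)
    return m.group(1).lower(), params


def classify(line):
    """Return the guide's signature IDs whose described request shape matches."""
    name, params = split_request(line)
    hits = []
    if name == "handler":
        hits.append(83)  # any access to the script
    if name == "search.cgi" and TRAVERSAL.search(params.get("letter", "")):
        hits.append(84)
    if name == "htsearch" and any("`" in v for v in params.values()):
        hits.append(86)  # backtick case (CVE-2000-0208) only
    if name == "htgrep" and params.get("hdr", "").startswith("/"):
        hits.append(87)
    return hits


if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(classify(request), request)
```

A check that reads only the query string would miss the htgrep request, because its parameters arrive in the path info with no "?".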