TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
140
Signature ID: 1107
Flexform access Vulnerability
Threat Level: Information
Signature Description: Flexform Software is available on OpenVMS computers. It is middleware used to produce
documents directly from your OpenVMS applications(OpenVMS(Virtual Memory System)is a multi-user,
multiprocessing virtual memory based operating system designed for use in time sharing, batch processing, real time
and transaction processing). This rule will trigger when an attacker access to the flexform CGI program. This
successful exploitation can allow an attacker to read arbitrary files on the system.
Signature ID: 1108
Faq-O-Matic Form.cgi access vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0230 CVE-2002-0749 Bugtraq: 4565,4579 Nessus: 11748
Signature Description: Faq-O-Matic is a great little product for managing a bunch of FAQs. It allows people who visit
the site to maintain the FAQ by adding new questions and answers and stuff like that. It has quite a pleasing colour
scheme. Also the name of the product has some real pep, it reminds a vacuum cleaner. Jon Howell Faq-O-Matic 2.712
and Jon Howell Faq-O-Matic 2.711 versions are vulnerable to cross site scripting. where an attacker can craft a URL
with malicious code in the "cmd" argument. If a legitimate user activates the URL, malicious code may be executed on
the client computer with the security context of the web server.
Signature ID: 1109
Formmail Environmental Variables Disclosure Vulnerability
Threat Level: Information
Industry ID: CVE-2000-0411 CVE-1999-0172 Bugtraq: 1187,2079 Nessus: 10076,10782
Signature Description: An unauthorized remote user is capable of obtaining CGI environmental variable information
from a web server running Matt Wright FormMail by requesting a specially formed URL that specifies the email
address to send the details to.This is accomplished by specifying a particular CGI environmental variable such as
PATH, DOCUMENT_ROOT, SERVER_PORT in the specially formed URL which will email the results to the
address given. The information obtained could possibly be used to assist in a future attack.Versions 1.6,1.7,1.8 of Matt
Wright FormMail are prone to this vulnerability.
Signature ID: 1110
Gbook.cgi Remote Command Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-1131 Bugtraq: 1940
Signature Description: Bill Kendrick GBook.cgi 1.0 is vulnerable version, In these versions software Gbook.cgi script
does not validate properly the user-supplied input to the script's _MAILTO parameter. This allows a malicious
user(remote attacker) to append a ';' character to the definition of the _MAILTO field, followed by text containing
malicious shell commands. These will be executed as the webserver, providing the attacker with an elevation of
privileges, and, if properly exploited, allowing more serious compromises of the host system. Finally the attacker can
execute arbitrary code on the Web server and gain elevated privileges.
Signature ID: 1111
Getdoc.cgi access vulnerability
Threat Level: Information
Industry ID: CVE-2000-0288 CVE-2002-0749 Bugtraq: 4579 Nessus: 11748
Signature Description: Infonautics provides online access to research materials, and uses getdoc.cgi to manage the