TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
141
document purchase and view process. A malicious user could alter the content of getdoc.cgi links in order to bypass the
payment page, thereby freely viewing documents that they would normally pay money to access.
Signature ID: 1112
NetBSD global global.cgi remote commands execute vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0952 CVE-2002-0749 Bugtraq: 4579 Nessus: 11748
Signature Description: NetBSD, Tama Communications Corporation, Global ports package 3.55 and prior versions are
vulnerable, these vulnerable versions are allowing a remote attacker to execute arbitrary commands on the system, The
Global CGI interface does properly validating quoted and escaped characters. By sending a specially-crafted format
string to the CGI interface, a malicious user(remote attacker) can execute shell commands on the system with the
security context of the web server. Upgrade to the newest version of global-4.0.1, patches are available at vendor
website.
Signature ID: 1113
Linksys Routers Gozila.CGI Denial Of Service Vulnerability
Threat Level: Warning
Bugtraq: 10453 Nessus: 11773
Signature Description: The Linksys EtherFast BEFSRU31 cable/DSL router connects multiple PCs to a high-speed
broadband Internet connection or to an Ethernet backbone. Configurable as a DHCP server, the EtherFast router acts as
the only externally recognized Internet device on local area network (LAN). The router can also be configured to block
internal users' access to the Internet. Linksys EtherFast BEFSRU31 Router 1.44 and prior versions are vulnerable,
<br>a malicious user(remote attacker) will send a specially-crafted request to gozila.cgi script after received the request
this script does not validate properly on parameters values(user input values) that are passed to the this script. The
server CPU becomes fully utilized by this malicious user the program stops servicing requests completely, then the
device will be under DoS.
Signature ID: 1114
CGIScript.NET csMailto Hidden Form Field Remote Command Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0180 CVE-2002-0749 Bugtraq: 4579 Nessus: 11748
Signature Description: Lars Ellingsen's Guestbook system is a comprehensive guestbook system with a number of
highly configurable features. Its main features are user defined form, view and preview-page, user defined HTML-code
between the entries in the view-page, E-mail notification, user defined thank-you e-mail to each guest, anti-spam
feature, Sort the entries in reverse order, Configurable time format, limiting the number of messages that is shown is
possible, Several languages supported by special language-files, Strip the message for any kind of HTML-tags,
Optional picture support, Bad words filter and Duplicated message check. Lars Ellingsen, Guestserver 4.12 and prior
versions are vulnerable, a malicious user(remote attacker)will send a specially crafted request to guestserver.cgi this
request contains executable code within pipe characters (|) in front of an email address in the email value of a
guestbook form. After recived the request the pipe meta character is not properly validating, code placed in the email
value is executed <br>with the security context of the web server.
Signature ID: 1115
BizDesign ImageFolio.cgi access vulnerability
Threat Level: Warning
Industry ID: CVE-2002-1334
CVE-2002-0749 Bugtraq: 6265,4579 Nessus: 11748
Signature Description: ImageFolio is a powerful multi-user browser-based administration area, unlimited heirarchial
catgories and subcategories, features are shopping cart, customer and orders database, SSL support for secure
checkouts, transactions, payment processing apabilities, and more. We can sell any type of product with ImageFolio
Commerce: stock photography, tangible products, services, photographic prints, digital downloads, software,