TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
143
Signature ID: 1124
WEB-CGI maillist.pl access Vulnerability
Threat Level: Information
Signature Description: Maillist allows people to send e-mail to one address, whereupon their message is copied and
sent to all of the other subscribers to the maillist. This rule triggered when an attacker access to the maillist.pl script.
This successful exploitation can allow an attacker to execute arbitrary commands via shell metacharacters in the email
address.
Signature ID: 1125
3R Soft MailStudio mailview.cgi access vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0526 CVE-2000-0527 CVE-2002-0749 Bugtraq: 1335,4579 Nessus: 11748
Signature Description: 3R Soft's Mail Server provides industry-leading combination of reliability, scalability and
enterprise features for service providers and corporations. It supports integrated POP, IMAP, Web and wireless mail,
personal information management (PIM). 3R Soft MailStudio 2000 2.0 is vulnerable version, A malicious user(remote
attacker) could send a specially-crafted URL request to the mailview.cgi script, this request containing "dot dot"
sequences (/../) in the argument as a parameter value to traverse directories and view arbitrary files on the Web server.
After received the request this script does not validate properly the user given inputs, then there is a chnce to read
portions of arbitrary files. thereby compromising the confidentiality of other users email and password, as well as other
configuration and password files on the system.
Signature ID: 1126
WEB-CGI man.sh access vulnerability
Threat Level: Information
Industry ID: CVE-1999-1179
Signature Description: Vulnerability in man.sh CGI script, included in May 1998 issue of SysAdmin Magazine, allows
remote attackers to execute arbitrary commands.An attacker can access an authentication mechanism and supply
his/her own credentials to gain access. Alternatively the attacker can exploit weaknesses to gain access as the
administrator by supplying input of their choosing to the underlying CGI script. On Success the attacker gains the
admin access on the affected system.
Signature ID: 1127
Ministats admin access
Threat Level: Warning
Signature Description: Ministats is a Web site traffic analyzer which logs visits to any of web pages by placing a
simple, invisible tag. It also allows you to log referrals as well as total hits. This event is generated when an attempt is
made to gain unauthorized access to a web server or an application running on a web server. Some applications do not
perform stringent checks when validating the credentials of a client host connecting to the services offered on a host
server. This can lead to unauthorized access and possibly escalated privileges to that of the administrator. Data stored
on the machine can be compromised and trust relationships between the victim server and other hosts can be exploited
by the attacker.
Signature ID: 1129
MRTG CGI Arbitrary File Display Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0232
Bugtraq: 4017 Nessus: 11001
Signature Description: The mrtg.cgi script is part of the MRTG traffic visualization application. MRTG Multi Router
Traffic Grapher CGI 2.9.17 -win32 and MRTG Multi Router Traffic Grapher CGI 2.9.17 -unix are vulnerable, A
malicious user(remote attacker) could send a specially-crafted URL request to the mrtg.cgi script, this request