TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
145
Signature ID: 1135
Ipswitch IMail Server Mailbox Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-1283
Bugtraq: 3427
Signature Description: Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail
supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP, etc. Ipswitch IMail 7.0.4 is
vulnerable version to a denial of service. A remote attacker could an invalid mails like the name of the mail is too long
i.e., that contains 248+ dots('.') after received this type of mails copying to mailbox then the web interface will crash.
Once interface crashes then it must be restarted to regain normal functionality. This signature checks attacks on
printmail CGI.
Signature ID: 1136
Ipswitch IMail Server Mailbox Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-1283 CVE-2002-0749 Bugtraq: 3427,4579 Nessus: 11748
Signature Description: Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail
supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP, etc. Ipswitch IMail 7.0.4 is
vulnerable version to a denial of service. A remote attacker could an invalid mails like the name of the mail is too long
i.e., that contains 248+ dots('.') after received this type of mails copying to mailbox then the web interface will crash.
Once interface crashes then it must be restarted to regain normal functionality. This signature checks attacks on
readmail CGI.
Signature ID: 1137
Ikonboard Arbitrary Command Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0076 Bugtraq: 2157
Signature Description: Ikonboard is a free forum system. Similair to UBB and UB, Ikonboard was written in Perl.
Jarvis Entertainment Group, Ikonboard 2.1.7b and prior versions are vulnerable, A remote attacker could send a URL
request setting the $SEND_MAIL variable in this URL, by setting the $SEND_MAIL variable in the URL, this request
will send to register.cgiscript, it is possible to specify the binary to execute as the httpd userid, and then register to
execute the program. After received this type of requests it is not validating properly the user given inputs, so this
design flaw makes it possible for a user with malicious intent to gain local access to a system running ikonboard.
Signature ID: 1138
John O'Fallon 'responder.cgi' DoS Vulnerability
Threat Level: Warning
Bugtraq: 3155
Signature Description: John O'Fallon 'responder.cgi' is a free CGI shell script, written in C, for MacHTTP Server and
other MacOS webserver products. John O'Fallon Responder.cgi 1.0 version is vulnerable to denial of service, a
malicious user(remote attacker) could send HTTP GET requests with an excessive number of characters will cause the
server to freeze. After received this type of request the MacHTTP webserver not validating proper bounds checking in
the script 'responder.cgi', it is possible to cause a denial of service to MacHTTP webserver. The webserver will need to
be restarted to regain normal functionality.
Signature ID: 1139
Webcom Datakommunikation CGI Guestbook rguest Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0287
CVE-1999-0467 Bugtraq: 2024
Signature Description: The WebCOM Network is a collections of states (Departments), Districts, and Posts internet