TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
communications and information sites that are under one umbrella organization for format. Like going into a nationwide
grocery store, you know where items will be from store to store. WebCom datakommunikation Guestbook 0.1 is a
vulnerable version. A malicious user (remote attacker) could send a specially crafted request to rquest.exe,
specifying a path and filename as the "template" parameter. These programs do not properly validate the request
after receiving it, so the request can retrieve the contents of arbitrary files to which the web server has access.
Signature ID: 1140
WEB-CGI rksh access vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0509
Signature Description: The rksh command invokes a restricted version of the Korn shell. Many sites that maintain a
Web server support CGI programs. Often these programs are scripts that are run by general-purpose interpreters, such
as /bin/sh or Perl. If the interpreters are located in the CGI bin directory along with the associated scripts, intruders
can access the interpreters directly and arrange to execute arbitrary commands on the Web server system.
Signature ID: 1141
WEB-CGI nlog rpc-nlog.pl access vulnerability
Threat Level: Information
Industry ID: CVE-1999-1278
Signature Description: Nlog is a package of scripts designed to correlate and analyze output from the nmap 2.0 port
scanning software. A vulnerability in versions of Nlog up to 1.1b could allow a remote attacker to execute certain
commands on the system as the user running the server process, usually "nobody." The attacker is limited to running
commands in uppercase, which limits the scope of this vulnerability.
Signature ID: 1142
Nlog rpc-smb.pl script allows some arbitrary commands vulnerability
Threat Level: Warning
Industry ID: CVE-1999-1278
Signature Description: NLog is a set of Perl scripts for managing and analyzing nmap 2.0+ log files. It allows you to
keep all scan logs in a single searchable database. The CGI interface for viewing scanned logs is completely customizable
and easy to modify and improve. The core CGI script allows you to add your own extension scripts for different services, so
all hosts with a certain service running will have a hyperlink to the extension script. Common Gateway Interface (CGI)
scripts from various vendors are vulnerable; nLog 1.1a and prior versions are vulnerable. In these versions the nlog CGI
scripts do not properly validate shell metacharacters in the IP address argument, which could allow remote attackers to
execute certain commands via nlog-smb.pl.
Signature ID: 1143
WEB-CGI rsh access Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0509
Signature Description: The rsh package contains a set of programs which allow users to run commands on remote
machines, log in to other machines, and copy files between machines. This rule triggers when an attacker accesses
rsh. Successful exploitation can allow an attacker to execute arbitrary commands on the web server.
Signature ID: 1144
WEB-CGI rwwwshell.pl access Vulnerability
Threat Level: Information
Signature Description: RWWWShell is a Perl program for the paper "placing Backdoor through Firewalls". It allows
communicating with a shell through firewalls and proxy servers by imitating web traffic. This rule triggers when