ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
an attacker access to the rwwwshell.pl CGI script. This successful exploitation can allow an attacker to obtain a shell
on the web server.
Signature ID: 1145
Apache Artificially Long Slash Path Directory Listing and ScriptAlias Source Retrieval Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0236 CVE-2001-0925 Bugtraq: 2300,2503
Signature Description: Some applications do not perform stringent checks when parsing the URL, which can reveal
sensitive information or cause a Denial of Service. Apache HTTP Server prior to 1.3.19 for Linux allows directory
listing on the Web server when a remote attacker sends multiple slashes in an HTTP request. NCSA httpd prior to and
including 1.5 and Apache Web Server prior to 1.0 also give a full listing of the CGI-BIN directory if indexing is turned on
and an HTTP request with multiple slashes is sent. This may allow an attacker to audit scripts for vulnerabilities, retrieve
proprietary information, etc. Upgrade to a newer version of the product.
Signature ID: 1146
Rod Clark Sendform.CGI Blurb File Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0710 Bugtraq: 5286
Signature Description: The sendform.cgi script can mail the information that a user enters on an HTML form. It can also
send the user a copy of the data entered on the form, and can send optional related files defined for each form.
Rod Clark sendform.cgi versions 1.4.4, 1.4.3, 1.4.2, 1.4.1 and 1.4 are vulnerable. A vulnerability has been reported
in sendform.cgi that may disclose arbitrary files to remote attackers. The script has an optional feature to send
'blurb files' to the email addresses that are provided on the web form. However, sendform.cgi does not properly
validate the 'BlurbFilePath' parameter. Thus it is possible for a remote attacker to modify the value of the
BlurbFilePath parameter and obtain access to arbitrary files.
Signature ID: 1147
WEB-CGI sendmessage.cgi access vulnerability
Threat Level: Information
Industry ID: CVE-2001-1100 Bugtraq: 3673
Signature Description: Sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to
execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.
Signature ID: 1149
WEB-CGI setpasswd.cgi access vulnerability
Threat Level: Information
Industry ID: CVE-2001-0133 CVE-2002-0749 Bugtraq: 2212,4579 Nessus: 11748
Signature Description: The web administration interface for Interscan VirusWall 3.6.x and earlier does not use
encryption, which could allow remote attackers to sniff the administrator password via the setpasswd.cgi program or
other HTTP GET requests that contain base64-encoded usernames and passwords. setpasswd.cgi is used to modify
passwords: the admin or user requests setpasswd.cgi with the OPASS parameter specifying the old password and the
PASS2 and PASS3 parameters carrying the new password. setpasswd.cgi then replaces the old password with the new
password. This request is sent in clear (plain) text. If a worm or virus monitors this traffic, it can send the
admin/user information to the attacker, who then gains full access to the affected system.