TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
149
Signature ID: 1156
Interactive Story Directory Traversal Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0804
Bugtraq: 3028 Nessus: 10817
Signature Description: Valerie Mates Interactive Story 1.3 is vulnerable version, A remote attacker can set the 'next'
field to a file name and use "dot dot" sequences (/../) to traverse directories and read any file on the system. After
received this type of requests the script(story.pl) does not validating properly the hidden field 'next' passing values, the
program fails to proper validation the contents of the hidden field 'next'. Then the remote attacker could traverse
directories on the Web server.
Signature ID: 1157
WEB-CGI streaming server view_broadcast.cgi access
Threat Level: Information
Industry ID: CVE-2003-0422 Bugtraq: 8257
Signature Description: Apple's QuickTime Streaming Server technology that allows to send streaming media to clients
across the Internet using the industry standard RTP and RTSP protocols. Darwin Streaming Server provides a high
level of customizability and runs on a variety of platforms allowing to manipulate the code to fit the needs. Apple
Quicktime Streaming Server 4.1.3 and Apple Darwin Streaming Server 4.1.3 are vulnerable to a denial of service
condition. When an http request is made to the view_broadcast.cgi script without specifying any parameters, the server
will not accept new connections. This vulnerability is fixed in QuickTime/Darwin Streaming Server 4.1.3g.
Sdministrators are advised to update 4.1.3g or later version to resolve this issue.
Signature ID: 1158
Way to the Web TalkBack.cgi Directory Traversal Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0420 Bugtraq: 2547
Signature Description: TalkBack is a CGI script written by Way to the Web. Way to the Web TalkBack 1.1 and prior
versions are vulnerable, these versions allowing website administrators to facilitate user feedback. A vulnerability
exists in talkback.cgi which can allow a remote user to traverse the file system of a target host. A malicious user(remote
attacker) will send a specially crafted uri to 'talkback.cgi' with invalid value will pass to 'article' parameter, <br>after
received this type of request that script does not validate properly user given input, this may lead to the disclosure of
possibly sensitive file contents. Patches available, update latest version found at vendor website.
Signature ID: 1159
WEB-CGI technote main.cgi file directory traversal attempt vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0075
Bugtraq: 2156
Signature Description: Technote software for Technics, Roland, Yamaha, Casio and Hammond software, MIDI files,
accessories, music, free downloads, forums and more. Technote Technote 2001/2000 versions are vulnerable, in these
versions the 'main.cgi' script does not validate properly the user inputs through uri. A malicious user(remote attacker)
will send a specially-crafted uri to this script, after received the request, the attacker supplied variable is used as a
filename when the open() function is called. In addition to allowing the attacker to specify a file to be opened remotely,
the variable is not checked for '../' character sequences. As a result, the remote attacker can specify any file on the file
system as this variable (by using ../ sequences followed by its real path), which will be opened by the script. Its
contents will then be disclosed to the attacker. No remedy available.