ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

Signature ID: 88
Htmlscript cgi access vulnerability
Threat Level: Severe
Industry ID: CVE-1999-0264 Bugtraq: 2001 Nessus: 10106
Signature Description: Miva's htmlscript CGI program provides a unique scripting language with HTML-type tags.
Versions of the htmlscript interpreter (a CGI script) prior to 2.9932 are vulnerable to a file-reading directory traversal
attack using relative paths (e.g., "../../../../../../etc/passwd"). An attacker need only append this path as a variable passed
to the script via a URL. The contents of any file to which the web server process has read access can be retrieved using
this method.
Signature ID: 91
File reading attempt by prefixing file name with "~nobody" vulnerability
Threat Level: Severe
Nessus: 10484
Signature Description: It is possible to access arbitrary files on the remote web server by prepending ~nobody/ to
their name (as in ~nobody/etc/passwd). This problem is due to a misconfiguration in the HTTP server that sets UserDir
to './'. Apache server and lighttpd server < 1.4.19 are known to be vulnerable.
Signature ID: 92
Microsoft IIS 5.0 Translate Header Source Disclosure Vulnerability
Threat Level: Severe
Industry ID: CVE-2000-0778 Bugtraq: 1578
Signature Description: Microsoft IIS (Internet Information Services, formerly called Internet Information Server) is a
set of Internet-based services for servers using Microsoft Windows. Microsoft Internet Information Server (IIS) 5.0 is
vulnerable to source code disclosure when an HTTP request arrives with a Translate header field and a backslash '\'
appended to the end of the URL. Microsoft IIS 5.0 has dedicated scripting engines for advanced file types such as
ASP, ASA and HTR files. The scripting engines handle requests for these file types, process them accordingly, and
then execute them on the server. When a request is made as above, the scripting engine is able to locate the
requested file, but it does not recognize it as a file that needs to be processed and proceeds to send the file
source to the client. Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS00-058.
Signature ID: 93
ICat Carbo Server File Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-1069 Bugtraq: 2126 Nessus: 10112
Signature Description: ICat Electronic Commerce Suite is an application which enables a user to create and manage
web-based catalogues. carbo.dll in iCat Electronic Commerce Suite 3.0 allows remote attackers to read arbitrary files
via directory traversal using relative paths. It is possible to access any object on the system. Successful exploitation of
this vulnerability may disclose sensitive information such as usernames and passwords and aid in the development of
further attacks.
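
The request patterns described for signatures 88, 91, 92 and 93, expressed as detection checks over raw HTTP requests. This is an added example, not part of the reference guide and not the TMS zl Module's own signature logic; the function names, sample requests, host name, paths and the `item` parameter are constructed for illustration.

```python
from urllib.parse import unquote

def parse_request(raw):
    """Return (decoded request target, {lower-cased header name: value})."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ")
    target = parts[1] if len(parts) >= 2 else ""
    # Decode twice so double-encoded sequences (%252e%252e%252f) are normalised too.
    target = unquote(unquote(target))
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return target, headers

def match_signatures(raw):
    """Return the signature IDs (as numbered in this guide) the request matches."""
    target, headers = parse_request(raw)
    low = target.lower()
    path = low.split("?", 1)[0]
    traversal = "../" in low or "..\\" in low
    hits = []
    if "htmlscript" in path and traversal:      # 88: relative path passed to htmlscript
        hits.append(88)
    if path.startswith("/~nobody/"):            # 91: ~nobody/ prefix on the file name
        hits.append(91)
    if "translate" in headers and path.endswith("\\"):  # 92: Translate header, trailing '\'
        hits.append(92)
    if "carbo.dll" in path and traversal:       # 93: relative path passed to carbo.dll
        hits.append(93)
    return hits

# Constructed sample requests (hypothetical host, paths and parameter name).
SAMPLES = [
    "GET /cgi-bin/htmlscript?../../../../../../etc/passwd HTTP/1.0\r\n\r\n",
    "GET /~nobody/etc/passwd HTTP/1.0\r\n\r\n",
    "GET /default.asp%5C HTTP/1.1\r\nHost: www.example.test\r\nTranslate: f\r\n\r\n",
    "GET /scripts/carbo.dll?item=..%5C..%5Cfile.txt HTTP/1.0\r\n\r\n",
    "GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(match_signatures(raw), raw.split("\r\n", 1)[0])
```

Decoding the target before matching matters here: a check run on the undecoded URL would miss the `%5C` backslash and any percent-encoded `../` sequence.
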
Signature ID: 94
Access to IIS 5 Internet Printing Protocol ISAPI extension (.printer) vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0241 Bugtraq: 2674 Nessus: 10661,10657
Signature Description: Windows 2000 has native support for the Internet Printing Protocol (IPP), an industry-standard
protocol for submitting and controlling print jobs over HTTP. The protocol is implemented in Windows 2000 via an
ISAPI extension that is installed by default as part of Windows 2000 but which can only be accessed via IIS 5.0. At
least one security problem (a buffer overflow) has been found with that extension in the past. The attacker could exploit