TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
150
Signature ID: 1160
WEB-CGI technote print.cgi directory traversal attempt vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0075 Bugtraq: 2156
Signature Description: Technote software for Technics, Roland, Yamaha, Casio and Hammond software, MIDI files,
accessories, music, free downloads, forums and more. Technote Technote 2001/2000 versions are vulnerable, in these
versions the 'print.cgi' script does not validate properly the user inputs through uri. A malicious user(remote attacker)
will send a specially-crafted uri to this script, after received the request, the attacker supplied variable is used for
processing. In addition to allowing the attacker to specify a file to be opened remotely, the variable is not checked for
'../' character sequences. As a result, the remote attacker can specify any file on the file system as this variable (by using
../ sequences followed by its real path), which will be opened by the script. Its contents will then be disclosed to the
attacker. No remedy available.
Signature ID: 1161
WEB-CGI test.cgi access vulnerability
Threat Level: Information
Industry ID: CVE-1999-0070 Bugtraq: 2003
Signature Description: A vulnerability in the test-cgi script included with some http daemons makes it possible for the
users of Web clients to read a listing of files they are not authorized to read. This script is designed to display
information about the Web server environment, but it parses data requests too liberally and thus allows a person to view
a listing of arbitrary files on the Web server host.
Signature ID: 1162
WEB-CGI txt2html.cgi access disclosure Vulnerability
Threat Level: Information
Signature Description: Text to HTML(txt2html) is a program that converts plain text to HTML. It supports headings,
lists, simple character markup, and hyperlinking. It can also be used to aid in writing new HTML documents. This rule
triggered when an attacker access to txt2html.cgi with the dot dot sequences (/../). This successful exploitation can
allow an attacker to gain arbitrary files on the system.
Signature ID: 1163
WEB-CGI upload.pl access Vulnerability
Threat Level: Information
Signature Description: Upload.pl is a simple CGI perl script to upload file. The script uses a text file as a user database.
The text file contains the colon separated userid, Unix crypted password and user's upload path. This rule triggered
when an attacker access to the upload.pl script. This successful exploitation can allow an attacker to gain sensitive
information such as userids and passwords.
Signature ID: 1164
Blackboard CourseInfo 4.0 Database Modification Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0627
Bugtraq: 1486
Signature Description: Blackboard is a Web-based integrated teaching and learning environment. Blackboard
CourseInfo will support online classes at major universities such as Cornell University, Georgetown University, Yale
University, Tufts University and University of Pittsburgh, and availability on both Unix and Windows NT platforms.
Blackboard CourseInfo 4.0 is vulnerable version, this version software allows any user who has a valid account to
make modifications to the database. An attacker can enter custom form values through any perl script located in /bin