TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
153
Signature Description: Webstore is an shopping cart application which processes and manages online purchases. It is a
website that sells products or services and typically has an online shopping cart associated with it. With the popularity
of the Internet rapidly increasing, online shopping became advantageous for retail store owners, and many traditional
“brick and mortar” stores saw value in opening webstore counterparts. cgiCentral WebStore 400CS 4.14
and cgiCentral WebStore 400 4.14 versions are vulnerable. A malicious administrator, who do not have access to the
host serving the script, may use this vulnerability to gain access. If remote attackers can authenticate as administrators,
they may also be able to exploit this vulnerability to gain access to the host. Ws_mail.cgi calls system() with user-
supplied data in the command string. Because it does not filter metacharacters out of the user-supplied data, it is
possible for administrators to execute arbitrary commands on webserver hosts.
Signature ID: 1175
Www-sql access Vulnerability
Threat Level: Information
Signature Description: WWW-SQL is a script that provides a web interface for accessing MySQL or PostgresSQL
databases. It is a simple embedded scripting language. The commands are embedded in special HTML tags. This rule
will trigger when an attacker access to the www-sql script, an attacker can use this vulnerability to gain sensitive
information on the web server.
Signature ID: 1176
WWWBoard Password Disclosure Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0953 Bugtraq: 649 Nessus: 10321
Signature Description: WWWBoard is a threaded World Wide Web discussion forum and message board, which
allows users to post new messages. It stores encrypted passwords in a password file(passwd.txt) that is under the web
root. This rule will trigger when an attacker access wwwadmin.pl script, an attacker can use this vulnerability to change
the name and location of 'passwd.txt'.
Signature ID: 1177
Abe Timmerman zml.cgi File Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-1209 Bugtraq: 3759 Nessus: 10830
Signature Description: Zml.cgi is a perl script which can be used to support server side include directives under
Apache. It recognizes a simple set of commands, and allows access to cgi parameters and environment variables. It can
run on Linux and Unix systems or any other platform with Apache and Perl support. Abe Timmerman zml.cgi all
versions are vulnerable, a malicious user(remote attacker) could send a specially-crafted URL request, that containing
"dot dot" sequences (/../) with a null byte character (%00) appended to the file name parameter, after received this type
of requests the zml.cgi script not validate properly, so then the attacker can view arbitrary files and directories on the
Web server.
Signature ID: 1178
Ipswitch WhatsUp Gold prn.htm Denial Of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0799
CVE-2004-0799 Bugtraq: 11110
Signature Description: Ipswitch WhatsUp Gold is comprehensive network monitoring software that allows IT
managers to turn network data into actionable business information. By proactively monitoring all critical network
devices and services. Ipswitch has created a forum to enable to share WhatsUp Gold product ideas and experiences
with other users online. <br>The Forum is generally unmoderated, but we will occasionally post comments. The HTTP
daemon in Ipswitch, WhatsUp Gold 8.03 is vulnerable version, a malicious user(remote-attacker) will send a specially-
crafted request this device couldnot give any responce this is under DoS(server crash), when handling these type of