TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
HTTP GET requests to the web interface by authenticated users. A remote attacker who sends a request containing an
MS-DOS device name, as demonstrated using "prn.htm", could cause the program to crash.
Signature ID: 1179
NetScreen SA 5000 delhomepage.cgi XSS Vulnerability
Threat Level: Warning
Bugtraq: 9791
Signature Description: NetScreen is a firewall from Juniper. The NetScreen-SA 5000 Series is prone to a cross-site
scripting vulnerability that may allow a malicious user (attacker) to execute arbitrary HTML or script code in the
browser of a vulnerable user. A remote attacker sends a URI request with the 'row' parameter to the 'delhomepage.cgi'
script, which does not properly validate the user-supplied data, so the attacker can execute arbitrary HTML or script
code in the browser.
Signature ID: 1180
RiSearch/RiSearch Pro Open Proxy Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-2061 Bugtraq: 10812
Signature Description: The RiSearch (and Pro) suite is a set of Perl scripts that enables users to search web sites.
RiSearch does not use any libraries or database systems, just pure Perl, so it can be used on any server where the
user account has CGI (even on some free hosting providers). The script can work with different languages and has a
simple and convenient query language. RiSearch Software RiSearch Pro 3.2.6 and RiSearch Software RiSearch versions
0.99.1 to 0.99.8 are vulnerable. A remote attacker could send an invalid URI request to the 'show.pl' script, which
does not properly validate user-supplied URI parameters. The remote attacker may then exploit this condition to launch
attacks against local and public services in the context of the site that is hosting the vulnerable script.
Signature ID: 1181
Ipswitch WhatsUp Gold Remote Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0798 Bugtraq: 11043
Signature Description: WhatsUp Gold is the best network management software for businesses of all sizes, with SNMP
& WMI monitoring, comprehensive discovery, and instant alerting, notification, and reporting capabilities for single
site networks. Ipswitch WhatsUp Gold 8.0 3, Ipswitch WhatsUp Gold 8.0 1, Ipswitch WhatsUp Gold 8.0, Ipswitch
WhatsUp Gold 7.0 4, Ipswitch WhatsUp Gold 7.0 3, and Ipswitch WhatsUp Gold 7.0 are vulnerable to a buffer
overflow. A malicious user (remote attacker) could post a specially crafted long string for the instancename parameter
to overflow a buffer and execute arbitrary code on the system. On receiving such a request, the _maincfgret.cgi
script copies the user-supplied input into an insufficiently sized buffer, which then overflows.
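A check equivalent in spirit to the description above, as an added example (not the TMS zl module's own signature logic): it flags POSTs to _maincfgret.cgi whose instancename value is oversized, decoding the path and field names first so percent-encoded variants are not missed. The 256-byte limit and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: the page does not state the buffer size, so this limit is a
# placeholder to tune against legitimate instance names in your environment.
MAX_INSTANCENAME_LEN = 256
TARGET_SCRIPT = "_maincfgret.cgi"   # script named in the signature description
TARGET_PARAM = "instancename"       # parameter named in the signature description


def check_request(method, target, body):
    """Return (alert, reason) for one HTTP request.

    target is the request-target from the request line; body is the raw
    application/x-www-form-urlencoded payload as bytes.
    """
    if method.upper() != "POST":
        return (False, "not a POST")
    # Decode the path before comparing so %5Fmaincfgret.cgi is not missed.
    path = unquote(urlsplit(target).path).lower()
    if not path.endswith("/" + TARGET_SCRIPT):
        return (False, "other script")
    # parse_qsl percent-decodes names and values and keeps repeated fields;
    # latin-1 maps each decoded byte to one character, so len() counts bytes.
    fields = parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                       encoding="latin-1")
    longest = max((len(v) for k, v in fields if k.lower() == TARGET_PARAM),
                  default=0)
    if longest > MAX_INSTANCENAME_LEN:
        return (True, "instancename length %d exceeds %d"
                % (longest, MAX_INSTANCENAME_LEN))
    return (False, "instancename within limit")


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("POST", "/_maincfgret.cgi", b"other=1&instancename=Beeper1"),
    ("POST", "/_maincfgret.cgi", b"instancename=" + b"A" * 600),
    ("POST", "/%5Fmaincfgret.cgi", b"instance%6Eame=" + b"%41" * 300),
    ("GET", "/_maincfgret.cgi?instancename=" + "A" * 600, b""),
]

if __name__ == "__main__":
    for method, target, body in SAMPLES:
        print(method, target[:30], check_request(method, target, body))
```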
Signature ID: 1185
IBill Management Script Weak Hard-Coded Password Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0839
Bugtraq: 3476 Nessus: 11083
Signature Description: IBill Internet Billing Company Processing Plus 0 is the vulnerable version. iBill hard-codes a
weak password for the user management script, ibillpm.pl, installed for clients that use the Password Management
system. The weak password is the client's MASTER_ACCOUNT plus only 2 lower-case letters (aa - zz). An attacker can
therefore bypass the billing system and easily add/delete/chgpwd arbitrary users in the .htpasswd file by posting
brute-force guesses.
The CGI keeps no auditing record of what changes it makes, nor does the web log file indicate what username was