TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
155
added to the system (doesn't log POST data). Inaddition, the requests in the web log file all have HTTP response code
200, which usually doesn't indicate problems in error_log.
Signature ID: 1186
Mailman directory traversal attempt vulnerability
Threat Level: Warning
Industry ID: CVE-2005-0202
Signature Description: Mailman is free software for managing electronic mail discussion and e-newsletter lists.
Mailman is integrated with the web, making it easy for users to manage their accounts and for list owners to administer
their lists. Mailman 2.1.5 and earlier versions are vulnerable to read arbitrary files. A malicious user(remote attacker)
could send a specially crafted URL request to server, this user is a member of a private mailman list can submit this
specially crafted input value(dot dot sequence, ../) to access files on the system. After received this type of requests, the
true_path() function does not properly validate user-supplied input through the request, then there is a chance to view
files on the web server including the mailman configuration files and passwords.
Signature ID: 1191
Cobalt RaQ .bash_history Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0408 Bugtraq: 337
Signature Description: Some applications do not perform stringent checks when validating the credentials of a client
host connecting to the services offered on a host server. This can lead to unauthorized access and possibly escalated
privileges to that of the administrator and access .bash_history file. Cobalt RaQ 1.1 is prone to this vulnerability .
Signature ID: 1192
DOT history access Vulnerability
Threat Level: Information
Signature Description: This signature detects when an attacker retrieve the '.history' file. The web servers allows
attackers to retrieve the command history file. This file includes the list of command executed by the administrator, and
sensitive information such as password, user name. The Cobalt RaQ 1.1 is a vulnerable server. And this vulnerability is
possible for other servers also.
Signature ID: 1193
DOT htaccess access Vulnerability
Threat Level: Information
Signature Description: UNIX based web servers, such as Apache and Netscape Enterprise Server, use ".htaccess" files
to customize security settings on a per-directory level. These files can specify things like what users have access to
what resources, hosts that are allowed or denied, and what type of authentication system to use. This type of data would
be most useful for carrying out an attack on the site.
Signature ID: 1194
DOT htpasswd access Vulnerability
Threat Level: Information
Signature Description: Htpasswd is used to create and update the flat-files used to store user names and password for
basic authentication of HTTP users. This rule will triggers when an attacker to download the .htpasswd file, an attacker
can use this vulnerability to gain sensitive information such as user names, passwords.