TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

151

152

153

154

155

156

157

158

159

160

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

156

Signature ID: 1195

Nsconfig access Vulnerability

Threat Level: Information

Signature Description: .nsconfig file is used by Netscape Web server for configuration directives. It is a simple text file

which contains information about the exactly which folders have password protecting. Without this file we cannot

password protect directories. This rule will trigger's when an attacker probes for the .nsconfig file. This successful

exploitation can allow an attacker to gain access to the web server.

Signature ID: 1196

Wwwacl access Vulnerability

Threat Level: Information

Signature Description: .WWWacl file containing important information, it will give the location of the web passwd

file. The .wwwacl is used by CERN-derived Web servers for configuration directives. This signature detects when an

attacker access for the '.wwwacl' file. This successful exploitation can allow an attacker to gain access to the web

server.

Signature ID: 1197

Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability

Threat Level: Warning

Industry ID: CVE-CVE-2000-0884 Bugtraq: 1806

Signature Description: Internet Information Services, a set of Internet-based services for servers using Microsoft

Windows. <br>Microsoft Personal Web Server 4.0 and Microsoft IIS 5.0 versions are vulnerable, these versions are

allowing a remote attacker to access any file or folder on the Web Server with "anonymous" access. An malicious

user(remote attacker) could send a specially-crafted URL containing Unicode characters that represent slashes ("/") and

backslashes ("\"). After received these type of request the server does not validate properly the user-given data, so

attacker can bypass sanity checks and deny such requests by using this type of requests framing, finally attacker can

access files and folders on the Web server with the privileges of the IUSR_ <machinename>account (an anonymous

user account for IIS).

Signature ID: 1199

Pacific Software Carello File Duplication and Source Disclosure Vulnerability

Threat Level: Information

Industry ID: CVE-2000-0396

Bugtraq: 1245

Signature Description: CarelloWeb allow to build and update online store and customer-friendly shopping cart system.

Carello, version 1.2.1, web may reveal the source code of files on the server. An attacker could use the "add.exe"

component in Carello Web to create copies of known files on the web server, using a different file extension for the

new file. An attacker could submit HTTP request for new file to view its source code and gain sensitive information,

such as usernames and passwords. No remedy available as of September, 2008.

Signature ID: 1200

/cgi-bin/// access Vulnerability

Threat Level: Information

Bugtraq: 6145

Signature Description: This signature detects when an attacker access slash-slash sequence('//') to a URI, it is possible

for an attacker to disclose files on the vulnerable web server, effectively by passing any access controls. The vulnerable

server is Simple Web Server 0.5.1. And this vulnerability is possible for other web servers also.