TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
157
Signature ID: 1201
ECWare CGI Denial Of Service Vulnerability
Threat Level: Information
Bugtraq: 6066
Signature Description: ECware is Electronic Commerce Software for Windows NT that provides merchants with the
ability to sell physical and digital products over the Internet with real-time credit card authorizations. ECware ,version
4.0.0 and 5.0.0, is a denial of service vulnerability. The issue is triggered in the ECware.exe CGI program. The
ECware.exe CGI program does not exit properly when certain errors occur. Then the IIS(Internet Information Server)
stops responding to HTTP requests and errant ECware.exe process will not be terminated. If the web server stopped
and restarted to regain normal functionality. Some ECware.exe processes may continue to run and consume memory on
the system until the computer is rebooted. The issue is fixed in the version of ECware 5.1 or later. Update this latest
version for removing this issue, which is available at vendor's web site.
Signature ID: 1202
/home/ftp access
Threat Level: Information
Signature Description: Some applications do not perform stringent checks when validating the credentials of a client
host connecting to the services offered on a host server. This can lead to unauthorized access and possibly escalated
privileges to that of the administrator through /home/ftp access.
Signature ID: 1203
/home/www access
Threat Level: Information
Nessus: 11032
Signature Description: Some applications do not perform stringent checks when validating the credentials of a client
host connecting to the services offered on a host server. This can lead to unauthorized access and possibly escalated
privileges to that of the administrator through /home/www access.
Signature ID: 1204
/~ftp access Vulnerability
Threat Level: Information
Signature Description: FTP(File Transfer Protocol), is the protocol for exchanging files over the Internet. It is used to
exchange files between computer accounts, to transfer files between an account and a desktop computer, or to access
software archives on the internet. This signature detects when an attacker send '/~ftp'. The successful exploitation can
allow an attacker to gain FTP permissions and read, write, or transfer files.
Signature ID: 1205
3Com Wireless Router 3CRADSL72 app_sta.stm access Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-1596
Bugtraq: 11408
Signature Description: Router is a computer whose software and hardware are usually tailored to the tasks of routing
and forwarding information. Routers generally contain a specialized operating system. 3Com 3CRADSL72 Wireless
Router is vulnerable to Information Disclosure and Authentication Bypassing. This is can allow a remote attacker to
disclose sensitive information such as the router name, primary and secondary DNS servers, default gateway. Attackers
could also reportedly gain administrative access to the router.