TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 1206
Admin_files directory access Vulnerability
Threat Level: Information
Signature Description: Shopping cart programs can use the admin_files directory to store configuration files. This rule
detects an attempt to access the admin_files directory. Successful access can allow an attacker to gain unauthorized
information and to scan the web server for installed applications.
Signature ID: 1207
Allaire JRun Servlet DoS Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-1049 Bugtraq: 2337
Signature Description: JRun is a Java application server supporting Java Server Pages, Java servlets and other
Java-related technologies. The /servlet URL prefix is mapped as a handler for invoking servlets. Servlets are stored in a
hierarchical manner and are accessed via a naming convention of the type. Macromedia JRun 3.0 is vulnerable to denial
of service. Allaire JRun 3.0 does not perform proper checks when validating the credentials of a client host connecting
to the services offered on a host server. This can lead to unauthorized access, possibly with privileges escalated to
those of the administrator, and access to the servlet/ file. A remote attacker can request a specially crafted URL that
contains "/servlet/" in the path, followed by a long string of periods ("."), to consume all system resources on the
JRun servlet server.
Signature ID: 1209
Microsoft IIS Malformed .htr Request Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0304 Bugtraq: 1191
Signature Description: Internet Information Services (IIS) is a set of Internet-based services for servers using Microsoft
Windows. Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allow a remote attacker to cause a
denial of service. A malicious user (remote attacker) could send a malformed request to the inetinfo.exe program; if
this is a request to change a password, the server CPU becomes fully utilized until the administrator performs a reboot
to regain normal functionality.
Signature ID: 1210
HTTP Request Basic Authorization Scheme Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2003-0727 Bugtraq: 8375
Signature Description: Some URLs require authentication before a user can gain access. A user agent that wishes to
authenticate itself with a server does so by including an Authorization request-header field with the request. RFC 2616
and RFC 2617 suggest two types of authentication mechanisms, "Basic" and "Digest". This rule triggers when a long HTTP
Basic authorization scheme header is observed. Oracle9i Database Server Release 2 is affected by this kind of
vulnerability. A remote attacker could overflow a buffer by sending a large Authorization string and execute arbitrary
code on the system. Oracle has released a patch that can be obtained from Oracle Security Alert #58. Oracle Oracle9i
Standard Edition 9.2.0.1, Oracle Oracle9i Personal Edition 9.2.0.1, and Oracle Oracle9i Enterprise Edition 9.2.0.1 are
prone to this vulnerability.
Signature ID: 1211
BB4 Technologies Big Brother Directory Traversal Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0638 Bugtraq: 1455 Nessus: 10460
Signature Description: Some applications do not perform stringent checks when validating the credentials of a client