TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
Signature ID: 1229
ICQ webserver Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0474
Signature Description: A web server is a computer with a boot device or other disk containing a web site. A remote
attacker could send a request using a "dot dot" (../) sequence to access arbitrary files outside of the user's personal
directory. The server does not properly validate the user-supplied input in this type of request, so arbitrary files
may be accessed.
Signature ID: 1230
BRS WebWeaver ISAPISkeleton.dll Cross-Site Scripting Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-2128 Bugtraq: 9516
Signature Description: BRS WebWeaver is a free personal web server that runs on the Windows platform. BRS
WebWeaver 1.07 and earlier versions are vulnerable to cross-site scripting. A remote attacker can create a malicious
link to the vulnerable server that includes embedded HTML and script code. If this link is followed by a victim user,
hostile code embedded in the link may be rendered in the user's browser in the context of the server. Successful
exploitation could permit theft of cookie-based authentication credentials or other attacks.
Signature ID: 1231
BEA WebLogic XSS in InteractiveQuery.jsp access Vulnerability
Threat Level: Warning
Industry ID: CVE-2003-0624 Bugtraq: 8938
Signature Description: The BEA WebLogic InteractiveQuery.jsp example application is a CGI application that
demonstrates the use of arguments to query a database. In BEA WebLogic 8.1 and prior, InteractiveQuery.jsp is
prone to a cross-site scripting vulnerability. The issue is reported to exist due to insufficient sanitization of
user-supplied data in an initialization argument called 'person'. It has been reported that if an invalid value is
passed to this argument, the software returns the value back to the user in a results page without proper
sanitization. The problem may allow a remote attacker to execute HTML or script code in the browser of a user
following a malicious link created by the attacker. Successful exploitation of this attack may allow an attacker
to steal cookie-based authentication information that could be used to launch further attacks. No remedy available
as of July 2008.
Signature ID: 1232
Invision Power Board Search.PHP "st" SQL Injection Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0338 Bugtraq: 9766
Signature Description: Invision Power Services is one of the world's leading providers of community solutions.
Invision Power Board is vulnerable to a SQL injection attack in the 'search.php' script. A malicious
user (remote attacker) may corrupt the resulting SQL queries (there are at least two) by specially crafting a value for the
"st" variable. The impact of this vulnerability depends on the underlying database. It may be possible to corrupt or read
sensitive data, perform other manipulations on the database, execute commands or procedures on the database server, or
possibly exploit vulnerabilities in the database itself through this condition. It has been reported that this issue may
also affect the 'sources/Memberlist.php' and the 'sources/Online.php' scripts. Patches are available at the vendor website.
Signature ID: 1233
L3retriever HTTP Probe
Threat Level: Information
Signature Description: Some applications do not perform stringent checks when validating the credentials of a client