TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
166
administrative privileges to the NETObserve application which can be used to manage other remote client machines.
ExploreAnywhere Software NETObserve 2.0 is prone to this vulnerability.
Signature ID: 1244
Netscape Enterprise directory listing attempt Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0250
Bugtraq: 2285
Signature Description: Netscape Enterprise Server is a web server, it was developed by Netscape Communications
Corporation. The product has since been renamed Sun Java System Web Server, reflecting the product's acquisition by
Sun Microsystems. Netscape Enterprise Server 4.0 version is vulnerable, Netscape Enterprise Server 4.0 version could
allow a remote attacker to obtain a directory listing of the server. A remote attacker can connect to the server using
telnet and send an "INDEX / HTTP/1.0" request to cause the server to display the directory listing. By using this
vulnerability attacker can gain access to sensitive information. No remedy available.
Signature ID: 1245
Unify eWave ServletExec DoS Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-1025 Bugtraq: 1868
Signature Description: Unify's eWave ServletExec is a JSP and a Java Servlet engine which is to be used as a plug-in
to popular web servers like Apache, IIS, Netscape. It is possible to send a URL request which causes the ServletExec
servlet engine to terminate abruptly. The web server, however, is not affected. Unify eWave ServletExec 3.0c is
vulnerable to denial of service. A remote attacker could send a specially-crafted URL that contains the "/servlet/"
string, which invokes the ServletExec servlet and causes an exception if the servlet is already running, this causes the
servlet engine to crash.
Signature ID: 1246
Netscape Unixware overflow vulnerability
Threat Level: Information
Industry ID: CVE-1999-0744 Bugtraq: 908,603
Signature Description: The version of Netscape FastTrack server that ships with UnixWare 7.1 is vulnerable to a
remote buffer overlow via a long HTTP GET request with more than 367 characters. By default, the httpd listens on
port 457 of the UnixWare host and serves documentation via http. This vulnerability is fixed in latest versions. Users
are advised to update the latest version to resolve this issue.
Signature ID: 1247
Oracle 10g iSQLPlus login.unix connectID overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-1362 Bugtraq: 10871
Signature Description: A database server is a computer program that provides database services to other computer
programs or computers, as defined by the client-server model. Database management systems frequently provide
database server functionality. <br>Oracle Database is a relational database management system (RDBMS) produced
and marketed by Oracle Corporation.<br>Oracle9i delivers a new, easy to use SQL*Plus tool called iSQL*Plus that is
delivered through a web browser. Oracle, Database Server 10.1.0.2 and prior versions are vulnerable, these versions
contain buffer overflow vulnerability. A malicious user(remote attacker) could send a specially-crafted login request it
contains over-long Connect-ID, while processing this request buffer overflow will occur on the server, then the attacker
could run arbitrary code in the context of the Web server which is potentially a serious threat especially if this is also
the database server.