ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 1248
Oracle iSQLPlus login.uix username overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-1362
Bugtraq: 10871
Signature Description: A database server is a computer program that provides database services to other computer programs or computers, as defined by the client-server model. Database management systems frequently provide database server functionality. Oracle Database is a relational database management system (RDBMS) produced and marketed by Oracle Corporation. Oracle9i delivers a new, easy-to-use SQL*Plus tool called iSQL*Plus that is delivered through a web browser. Oracle Database Server 10.1.0.2 and prior versions contain a buffer overflow vulnerability. A remote attacker could send a specially crafted login request containing an over-long user name. Processing this request causes a buffer overflow on the server, and the attacker could then run arbitrary code in the context of the Web server, which is potentially a serious threat, especially if this is also the database server.
Signature ID: 1249
Oracle iSQLPlus sid overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-1362
Bugtraq: 10871
Signature Description: A database server is a computer program that provides database services to other computer programs or computers, as defined by the client-server model. Database management systems frequently provide database server functionality. Oracle Database is a relational database management system (RDBMS) produced and marketed by Oracle Corporation. Oracle9i delivers a new, easy-to-use SQL*Plus tool called iSQL*Plus that is delivered through a web browser. Oracle Database Server 10.1.0.2 and prior versions contain a buffer overflow vulnerability. A remote attacker could send a specially crafted request. Processing this request causes a buffer overflow on the server, and the attacker could then run arbitrary code in the context of the Web server, which is potentially a serious threat, especially if this is also the database server.
Signature ID: 1250
Oracle iSQLPlus username overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-1362
Bugtraq: 10871
Signature Description: A database server is a computer program that provides database services to other computer programs or computers, as defined by the client-server model. Database management systems frequently provide database server functionality. Oracle Database is a relational database management system (RDBMS) produced and marketed by Oracle Corporation. Oracle9i delivers a new, easy-to-use SQL*Plus tool called iSQL*Plus that is delivered through a web browser. Oracle Database Server 10.1.0.2 and prior versions contain a buffer overflow vulnerability. A remote attacker could send a specially crafted request to isqlplus containing an over-long user name. Processing this request causes a buffer overflow on the server, and the attacker could then run arbitrary code in the context of the Web server, which is potentially a serious threat, especially if this is also the database server.
Signature ID: 1251
PIX firewall manager directory traversal vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0158
Bugtraq: 691
Nessus: 10819
Signature Description: The PIX Firewall Manager (PFM) is a software product that allows the configuration of Cisco PIX Firewall devices via a web-based GUI. PIX Firewall Manager is installed and run on a standard Windows NT workstation or server that serves as the management station. Cisco PIX Firewall 4.2.1 and Cisco PIX Firewall 4.1.6 are vulnerable to arbitrary file access. This issue is due to the server not properly sanitizing user input, specifically