TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
168
traversal style attacks (../../) supplied via the URI. This issue is fixed in Cisco PIX Firewall(4.2.2, 4.1.6 b).
Administrators are advised to update latest version to resolve this issue.
Signature ID: 1252
PeopleSoft PeopleBooks psdoccgi.exe Denial of Service and Directory Traversal Vulnerability
Threat Level: Warning
Industry ID: CVE-2003-0627
CVE-2003-0626 Bugtraq: 9037,9038
Signature Description: The PeopleSoft PeopleBooks component provides a CGI based search application as part of the
default installation. Oracle, PeopleSoft PeopleTools 8.40, Oracle, PeopleSoft PeopleTools 8.41, Oracle, PeopleSoft
PeopleTools 8.42 and Oracle, PeopleSoft PeopleTools 8.43 are vulnerable versions. These versions of PeopleTools's
may allow a remote attacker to traverse outside the server root directory in order to gain access to sensitive information.
After received the request from users it is not validating properly, so the remote attacker ciould send a request
'psdoccgi.exe, that request contains invalid values to 'headername' and 'footername' arguments of the psdoccgi.exe CGI
script.
Signature ID: 1253
Paul M. Jones Phorecast Remote Arbitrary Code Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-1049 Bugtraq: 3388
Signature Description: Phorecast is freely available, open-source web-based single-user email. It allows users to send
and receive email through a web-based interface. A problem exists in Phorecast Paul M. Jones Phorecast 0.30a is
version, that will allow a remote attacker to execute arbitrary code on a host running the software(with the privileges of
the web server process). A remote attacker can send to the server a specially-crafted URL that passes arbitrary data
using the $includedir variable to specify a malicious file containing PHP code to be executed on the host. As a result,
the affected script may be redirected to execute arbitrary code located on an external host, as specified by the attacker.
Signature ID: 1254
Quicktime User-Agent buffer overflow vulnerability
Threat Level: Information
Industry ID: CVE-2004-0169 Bugtraq: 9735
Signature Description: The Apple Quicktime Streaming Server is used to serve client machines with streaming media
content using TCP/IP. Apple Quicktime Streaming Server 4.1.3 and Apple Darwin Streaming Server 4.1.3 are
vulnerable to a denial of service. This issue presents itself when the software attempts to parse DESCRIBE request with
a User-Agent field that contains more than 255 characters. Administrators are advised to update the latest version to
resolve this issue.
Signature ID: 1255
RBS ISP/newuser command based directory traversal Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-1036 Bugtraq: 1704 Nessus: 10521
Signature Description: Extent RBS ISP is a full OSS package which combines RADIUS, user management, Web
signup, billing, invoicing and other valuable features that will grow user IP service provider business. Extent, Extent
RBS-ISP 2.63 and prior versions are vulnerable to read any file from the server. A remote attacker could send a
specially crafted request URL that contains "dot dot" (/../) sequences as parameter value for 'image' parameter to read
any file under the Extent RBS ISP directory and gain access to sensitive information, such as credit card information,
usernames, and passwords, which are stored in the rbsserv.mdb database.