TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
169
Signature ID: 1256
Martin Hamilton ROADS File Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0215
Bugtraq: 2371 Nessus: 10627
Signature Description: The search.pl program is a Common Gateway Interface(CGI) program used to provide an end
user search front end to ROADS databases. When accessed with no CGI query, the program can return an HTML form
to the user to fill in to make a query. Martin Hamilton ROADS 2.3 is vulnerable to read arbitrary files from the server
host. A remote attacker could send requet by specially crafted URL composed of '%00' sequences along with the
known filename will disclose the requested file, i.e., by specifying the file name in the "form" parameter and
terminating the filename with a null byte. After received this type of request it is not validating properly the user given
inputs then there is chance to read files from the server host, finally this can lead to unauthorized access and possibly
escalated privileges to that of the administrator.
Signature ID: 1257
Real Server DESCRIBE buffer overflow vulnerability
Threat Level: Information
Industry ID: CVE-2003-0725 Bugtraq: 8476
Signature Description: Helix Universal Server version 9.0 streams the widest variety of media, such as audio, video,
animation, images, and text, to the broadest range of media players, including RealOne Player, Windows Media Player,
and Apple QuickTime Player. Helix Universal Server version 9 and prior are vulnerable to a buffer overflow via
sending a long string to describe command. This vulnerability is fixed in Real Networks Helix Universal Server 9.0.2
.802. Users are advised to update the Real Networks Helix Universal Server 9.0.2 .802 or later version to resolve this
vulnerability.
Signature ID: 1258
Trend Micro InterScan eManager buffer overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0958 Bugtraq: 3327 Nessus: 11747
Signature Description: Trend Micro InterScan eManager is a plug-in for InterScan which manages spam, message
content, and mail delivery. It can be managed through a web-based console interface. Trend Micro, InterScan
eManager 3.51 and Trend Micro, InterScan eManager 3.51J versions are vulnerable, it is a stack-based vulnerability.
Several CGI components of eManager contain a buffer overflow vulnerability which could allow an attacker to execute
arbitrary code within the Local System context. Several CGI components of eManager is not validating the user input
values, here the attacker accessing through "SFNotification.dll", after received request with out proper validation cop-
ying the given values(overly long values) in to static buffer at that time that buffer will overflow, then there is a chance
to execute arbitrary code within the Local System context.
Signature ID: 1259
SSiteWare Editor Desktop Directory Traversal Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0555 Bugtraq: 2868
Signature Description: SiteWare Editor's Desktop is a web-based administration tool for manipulating
ScreamingMedia content on a SiteWare web server. Screaming Media SiteWare 3.1, Screaming Media SiteWare 3.0 2,
Screaming Media SiteWare 3.0 1, Screaming Media SiteWare 3.0, Screaming Media SiteWare 2.5 01, Screaming
Media SiteWare 2.5 are vulnerable versions. The SiteWare Editor is a Web-based remote administration interface for
the SiteWare server. A malicious user(remote attacker) could send a URL request containing "dot dot" sequences (/../)
to the SiteWare server, after received this type of requests it is not validating properly the user supplied, then there is
chance to traverse directories and retrieve arbitrary files from the Web server. This signature detects when the attacker
access "SWEditServlet" because there is no parameter information.