ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 1291
Answerbook2 arbitrary command execution
Threat Level: Information
Industry ID: CVE-2000-0697
Bugtraq: 1556
Signature Description: Sun Microsystems Solaris AnswerBook2 versions 1.4.2 and prior contain a flaw that may
allow a malicious user to create an arbitrary account. The vulnerability is due to insufficient input validation in the CGI
scripts of the AnswerBook2 administration interface, and is exploited by sending a specially crafted URL request
containing shell metacharacters to port 8888. Successful exploitation of this vulnerability allows an attacker to access
sensitive information on the vulnerable system. This issue is fixed in AnswerBook2 version 1.4.2 patched or higher.
Administrators are advised to update to version 1.4.2 patched or later to resolve this issue.
Signature ID: 1292
Apache 1.3.20 Possible Directory Index Disclosure attempt vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0731
Bugtraq: 3009
Signature Description: Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages technologies.
The Java Servlet and JavaServer Pages specifications are developed under the Java Community Process. Apache 1.3.20
and prior versions are vulnerable to a flaw that could cause directory contents to be disclosed. When the "Multiviews"
option is enabled, a malicious user (remote attacker) could send a specially crafted URL containing the "M=D" query
string to bypass the index page and obtain a listing of the directory contents. An attacker could use this information
to launch further attacks against the affected server.
Signature ID: 1295
CafeLog b2 Weblog Tool 2.06pre4 arbitrary command execution vulnerability
Threat Level: Warning
Industry ID: CVE-2002-1466
Bugtraq: 4673
Nessus: 11667
Signature Description: A weblog has posts that appear on the home page and are written by a group of people instead
of by a single author. The Multi-Author Weblog Tool makes it easy to use Radio to create a multi-authored weblog.
Cafelog b2 0.6 pre is vulnerable to arbitrary code execution; this version does not perform stringent checks when
validating the credentials of a client host connecting to the services offered on a host server. This can lead to
unauthorized access and possibly escalated privileges to that of the administrator.
Signature ID: 1296
Backup files access Vulnerability
Threat Level: Information
Signature Description: The Backup utility in the Microsoft Windows operating system helps to protect data if the hard
disk fails or files are accidentally erased due to hardware or storage media failure. By using Backup, you can create a
duplicate copy of the data on the hard disk. Backup files can contain script sources, configuration files or other
sensitive information. This event detects when an attacker accesses a backup file.
Signature ID: 1297
Bad HTTP/1.1 request Vulnerability
Threat Level: Information
Signature Description: HTTP (Hypertext Transfer Protocol) is an application protocol used for transferring files
(text, graphic images, sound, video, and other multimedia files) on the World Wide Web. This rule triggers when an
attacker sends a request such as GET / HTTP/1.1\r\n\r\n without the "Host" header; the web server then responds with
HTTP/1.1 400 Bad request. Successful exploitation can allow an attacker to launch further attacks.