TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 1315
ICat Carbo Server File Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-1069 Bugtraq: 2126
Signature Description: ICat Electronic Commerce Suite is an application which enables a user to create and manage
web-based catalogues. carbo.dll in iCat Electronic Commerce Suite 3.0 allows remote attackers to read arbitrary files
via directory traversal using relative paths. It is possible to access any object on the system. The attacker sends a
specially crafted request with a directory traversal sequence (../) as the icatcommand parameter value. Successful
exploitation of this vulnerability may disclose sensitive information such as usernames and passwords and aid in the
development of further attacks.
Signature ID: 1317
Parent directory traversal Vulnerability
Threat Level: Warning
Signature Description: cd, also known as chdir (change directory), is a command that changes the current working
directory in operating systems such as Unix and DOS. 'cd..' is used to go back one directory on the majority of Unix
shells. This signature detects the command "cd.."; an attacker may be attempting to access or read files beyond the
root directory.
Signature ID: 1318
HTTP Request with Negative Content-Length Vulnerability
Threat Level: Severe
Industry ID: CVE-2004-0095 CVE-2004-0245 Bugtraq: 9576,9476
Signature Description: This rule triggers when a malicious HTTP request contains a negative value in the Content-Length
field of the HTTP header. McAfee ePolicy Orchestrator 3.0 is vulnerable to a buffer overflow. A remote attacker could
send an HTTP POST request with an invalid value in the Content-Length header. When McAfee ePolicy Orchestrator
receives this type of request it cannot respond, and the attacker could overflow a buffer and cause the system to
crash, or possibly execute arbitrary code on the system.
Signature ID: 1319
NAI PGP Keyserver WebAdmin Interface Authentication Bypassing Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-1252 Bugtraq: 3375
Signature Description: A key server is a computer, typically running special software, which provides keys to users or
other programs. The users or programs can be working on that or another networked computer. KeyServer is the most
widely used network-independent software license manager for Macintosh and Windows-based computers. PGP
Keyserver versions 7.0 and 7.0.1 are vulnerable to a denial of service attack caused by a vulnerability in the default
permissions of the Web interface, which allows a malicious user (remote attacker) to access administrative features
without authentication. The flaw is due to the server not validating input to the "action" variable in the
"console.exe" script. This may allow an attacker to manipulate administrative features and configuration options.
Signature ID: 1320
Microsoft Site Server 3.0 Content Upload Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0360 Bugtraq: 4002,1811
Signature Description: Microsoft Site Server is a solution to the growing business of Internet-based commerce (or
e-commerce). Site Server expanded on Merchant Server's functionality by annexing content management tools; which