TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
183
would typically be involved, it was thought, in facilitating the management of Web-facing content. It is designed to run
on Microsoft Windows NT Server platforms. Microsoft Site Server (Commerce Edition) versions 3.0 SP4 i386 ,3.0 SP4
alpha,3.0 SP3 i386,3.0 SP3 alpha,3.0 SP2 i386,3.0 SP2 alpha,3.0 SP1 i386,3.0 SP1 alpha,3.0 i386,3.0 alpha,3.0 SP4
i386,3.0 SP4 alpha,3.0 SP3 i386,3.0 SP3 alpha,3.0 SP2 i386,3.0 SP2 alpha,3.0 SP1 i386,3.0 SP1 alpha,3.0 SP1
alpha,3.0 alpha have this vulnerability. A valid NT user accounts may use the module cphost.dll to upload content for
Site Server 3.0. During this process, temporary files are created in the location C:\Temp, which is not configurable. If a
malicious party uploads content with a Target URL parameter of more than approximately 250 characters, the upload
process will fail, and the temporary file will not be deleted. An authenticated attacker may exploit this to exhaust all
drive space on C drive.
Signature ID: 1321
PHPBB2 Image Tag HTML Injection Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0902 Bugtraq: 4858
Signature Description: PhpBB (short of php Bulletin Board) is one of the most powerful and commonly used forum
systems nowadays. It is suitable for newbies as well as more technically oriented users. phpBB is an open source
project and can be used for FREE. phpBB, phpBB 2.0 and prior versions are vulnerable to cross-site scripting. A
malicious user(remote attacker) could embedded malicious script(attack script) in a forum message within BBCode
image tags by using a double quotation character (") to escape the image source location and insert arbitrary script. The
script would be executed within a victim's Web browser once the message is viewed. An attacker could use this
vulnerability to steal a user's cookie-based authentication credentials.
Signature ID: 1322
NAI PGP Keyserver WebAdmin Interface Authentication Bypassing Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-1252 Bugtraq: 3375
Signature Description: Key server is a computer, typically running special software which provides keyss to users or
other programs. The users or programs can be working in that or another networked computer. KeyServer is the most
widely used network-independent software license manager for Macintosh and Windows-based computers. PGP,
Keyserver 7.0 and PGP, Keyserver 7.0.1 versions are vulnerable, these versions are vulnerable to a denial of service
attack, caused by a vulnerability in the default permissions of the Web interface. That allows a malicious user(remote
attacker) to access administrative features without authentication. The flaw is due to the server not validating input to
the "action" variable in the "cs.exe" script. This may allow an attacker to manipulate administrative features and
configuration options.
Signature ID: 1323
Cybercop scanner network vulnerability
Threat Level: Information
Signature Description: CyberCorp Scanner is a commercial network security assessment component that can scan
devices on the network for vulnerabilities. The results of a scan could provide the information about the weaknesses of
network and systems. This information could be useful to an attacker for performing an attack.
Signature ID: 1324
Mobius DocumentDirect for the Internet 1.2 Buffer Overflow vulnerability
Threat Level: Information
Industry ID: CVE-2000-0826
CVE-2000-0828 Bugtraq: 1657 Nessus: 11728
Signature Description: Mobius Management Systems, DocumentDirect for the Internet 1.2 is vulnerable to stack-based
buffer overflow, a number of unchecked static buffers exist in this version. By sending a GET request to ddicgi.exe
containing a string of 1553 characters or more, a remote attacker can overflow a buffer in ddicigi.exe to execute
arbitrary code or crash the system.