TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

181

182

183

184

185

186

187

188

189

190

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

186

Signature ID: 1335

Htgrep access attempt vulnerability

Threat Level: Warning

Industry ID: CVE-2000-0832

Signature Description: Htgrep is a cgi-bin script written in perl, and can be used with any http server that supports cgi-

bin scripts. Linux, Kernel and Microsoft, Windows NT 4.0 and Various vendors, Unix are vulnerable to obtain

sensitive information, the vulnerability existed in Htgrep CGI. An attacker can send a request by adding a header and

footer file to the search input to view arbitrary files in the Web server's directory with the privileges of the Web user.

This script allows remote attackers to read arbitrary files by specifying the full path name in the hdr parameter.

Signature ID: 1336

IChat directory traversal attempt

Threat Level: Information

Industry ID: CVE-1999-0897

Signature Description: IChat is also a versatile instant text messaging application. iChat 3.0 web server is vulnerable to

a read arbitrary files via a .. (dot dot). This issue is fixed in latest version. Users are advised to update the latest version

to resolve this issue.

Signature ID: 1337

IPlanet Web Publisher Remote Buffer Overflow Vulnerability

Threat Level: Critical

Industry ID: CVE-2001-0746 CVE-2001-0747 Bugtraq: 2732

Signature Description: Web Publisher is an automated FTP client that allows to upload and then update user web site

easily. Web Publisher can automatically find and upload new and modified files. Netscape Enterprise Server 4.0nn,

Enterprise Server 4.1 and Sun, iPlanet Web Server 4.1 SP3 to Sun, iPlanet Web Server 4.1 SP7 are vulnerable versions,

the Web Publisher feature not validating properly the Uniform Resource Identifier (URI). By sending an HTTP request

containing 2000 characters or more and specifying one of the Web Publisher specific methods, an attacker can

overflow a buffer to gain shell access to the server or possibly cause a denial of service against the affected server or

possibly execute arbitrary code via this type of long URI request.

Signature ID: 1338

IPlanet Web Server Search Component File Disclosure Vulnerability

Threat Level: Warning

Industry ID: CVE-2002-1042

Bugtraq: 5191 Nessus: 11043

Signature Description: Web server is a computer with a boot device or other disk containing a web site. HP-UX 11 and

IBM, AIX 4.3.3 and AIX 5.1 versions, Microsoft, Windows 2003 Server and RedHat, Linux 6.2 and Linux 7.1

versions, Sun, iPlanet Web Server 4.1 and iPlanet Web Server 6.0 versions, Sun - Solaris 2.6 and Solaris 7.0 and

Solaris 8 and Solaris 9 are vulnerable. A malicious user(remote attacker) could send a URL request containing "dot

dot" sequences (/../) to the server as "NS-query-pat" parameter values, which would cause the search engine to return

the contents of the requested file, after received this type of requests it is not validating properly the user supplied data,

then there is chance to traverse directories and retrieve arbitrary files from the Web server.

Signature ID: 1339

Owl Intranet Engine Login Mechanism vulnerability

Threat Level: Warning

Nessus: 11626

Signature Description: Owl is a multi user document repository (knowledge base) system written in PHP4 for

publishing files/documents onto the web for small to medium business level groups. This rule triggers when an attempt