TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
189
Signature ID: 1349
Nessus 2.x 404 probe Vulnerability
Threat Level: Information
Nessus: 10386
Signature Description: Some applications do not perform stringent checks when validating the credentials of a client
host connecting to the services offered on a host server. This can lead to unauthorized access and possibly escalated
privileges to that of the administrator. Data stored on the machine can be compromised and trust relationships between
the victim server and other hosts can be exploited by the attacker. This log is generated when an attempt is made to
ascertain weather or not a Web server or an application running on a web server is subject to a possible vulnerability
using the tool Nessus.
Signature ID: 1350
Net attempt Vulnerability
Threat Level: Information
Signature Description: Net.exe is a command line program that ships with Windows that lets control services at a
command prompt. It is used to modify user accounts. This rule triggered when an attacker access to the net.exe. This
successful exploitation can allow an attacker to gain sensitive information and modify user accounts such as user name,
password.
Signature ID: 1351
Nstelemetry.adp access
Threat Level: Information
Industry ID: CVE-1999-0508 Nessus: 10753
Signature Description: AOLserver has a built-in statistics-gathering system that collects data on the caches, tcl interps,
threads, and other interesting data. The file "nstelemetry.adp" can be dropped into any running server to get a snapshot
of how it's doing. The "nstelemetry.adp" file can be found in the tests/ directory of the AOLserver Source Distribution.
This rule generates an event when an attacker send "nstelemetry.adp" pattern.
Signature ID: 1353
Oracle Web Listener Batch File Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0169
Bugtraq: 1053 Nessus: 10348
Signature Description: Oracle Web Listener for NT makes use of various batch files as cgi scripts, which are stored in
the /ows-bin/ directory by default. Oracle Web Listener 4.0 .x for NT version is vulnerable. A remote attacker could
send a specially-crafted URL that contains '?&', and command to the file name, any of these batch files can be used to
run arbitrary commands on the server, simply by appending '?&' and a command to the file name. The command will
be run at the SYSTEM level. The name of a batch file is not even necessary, as it will translate the '*' character and
apply the appended string to every batch file in the directory. Moreover, UNC paths can be used to cause the server to
download and execute remote code.
Signature ID: 1354
HTTP Post Arbitrary Perl Code Execution vulnerability
Threat Level: Warning
Industry ID: CVE-2002-1436
Bugtraq: 5520 Nessus: 11158
Signature Description: NetWare is a network operating system developed by Novell, Inc. It initially used cooperative
multitasking to run various services on a PC, and the network protocols were based on the archetypal XNS stack.
Novell Netware 6.0 SP1, Novell Netware 6.0, Novell Netware 5.1 SP4,Novell Netware 5.1 are vulnerable versions are
allowing remote attackers to execute arbitrary arbitrary code via requests. These versions are not validating properly