TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature Description: Unify's eWave ServletExec is a JSP and Java Servlet engine used as a plug-in to popular
web servers such as Apache, IIS, and Netscape. It is possible to send a URL request that causes the
ServletExec servlet engine to terminate abruptly. Unify eWave ServletExec version 3.0c and earlier versions are
susceptible to a denial of service attack if a URL invoking the ServletExec servlet, preceded by /servlet,
is requested. The ServletExec engine will attempt to bind a server thread to port 80, and if the
web server is currently running, a java.net.BindException error results, halting all operations on the
ServletExec engine. Restarting the application is required in order to regain normal functionality.
Signature ID: 1374
CalaCode @mail Webmail System Cross-Site Scripting Attempt Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-2379
Bugtraq: 9748
Signature Description: CalaCode @Mail is a WebMail Client / Email-server platform that allows users to send and
receive emails via the Web, Wireless Device or Desktop Client. CalaCode @mail Webmail System version 3.64 is
vulnerable to cross-site scripting. The application does not validate user input submitted to the util.pl
script, so a remote attacker could embed malicious JavaScript in the "Displayed Name" field, which would be executed
in the victim's Web browser within the security context of the hosting site once the entry is viewed. An attacker could
use this vulnerability to steal the victim's session ID and gain unauthorized access to the victim's email.
Signature ID: 1376
Nombas ScriptEase:Webserver Viewcode Arbitrary File Access Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-1580 Bugtraq: 3715
Signature Description: Nombas ScriptEase:Webserver Edition is designed to allow the development of web-based
applications in JavaScript. It includes the ability to execute JavaScript code in response to CGI requests, and support for
developer features such as remote debugging. Nombas ScriptEase:Webserver Edition 4.30d and Nombas
ScriptEase:Webserver Edition 4.30b for all platforms are vulnerable. In these versions, default scripts included with
ScriptEase:Webserver Edition allow remote users to disclose arbitrary files residing on a host. A malicious
user (remote attacker) could send a specially crafted URL containing dot-dot (..) sequences to perform
directory traversal and view any file on the web server.
Signature ID: 1377
Bradford Barrett Webalizer Cross-Agent Scripting Attack Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0835
Bugtraq: 3473 Nessus: 10816
Signature Description: The Webalizer is a GPL application that generates web pages of analysis from access and
usage logs; that is, it is web log analysis software. It is one of the most commonly used web server administration tools. It
produces highly detailed, easily configurable usage reports in HTML format, for viewing with a standard web browser.
Bradford L. Barrett Webalizer 2.01-06 and prior versions are vulnerable to cross-site scripting. If the
HTTP referrer information is stored in log files analyzed by Webalizer, a malicious user (remote attacker) can inject
malicious HTML tags into a report by sending a "Referer" HTTP header containing HTML metacharacters during
keyword searches to execute scripts and possibly access the compromised HTML reports.
Signature ID: 1378
Webcart access vulnerability
Threat Level: Information
Industry ID: CVE-1999-0610
Bugtraq: 2281 Nessus: 10298
Signature Description: The WebCart shopping cart system is one of the popular e-commerce systems on the internet.
Various shopping carts create world readable files in the web server's document tree which have subsequently been