Manualshelf

TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
11121314151617181920
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
20
Signature ID: 117
Allaire JRun 2.3.x Sample Files Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0539 CVE-2000-0540 Bugtraq: 1386 Nessus: 10444,10996
Signature Description: JRun is a Java application server, originally developed as a Java Servlet engine by Live
Software and subsequently purchased by Allaire. A number of vulnerabilities in Allaire JRun 2.3.x allow remote
attackers to obtain sensitive information, e.g. listing HttpSession ID's via the 'SessionServlet' servlet, the file system
information using viewsource.jsp. This information can be used in subsequent attacks. The vulnerabilities exist in
documentation, sample code, examples, and applications as well as tutorials which are shipped as part of the server.
This signature detects access to vulnerable viewsource.jsp file.
Signature ID: 118
Allaire JRun Directory Listing vulnerability
Threat Level: Warning
Industry ID: CVE-2000-1050 Bugtraq: 1830 Nessus: 10604
Signature Description: JRun is a Java application server, originally developed as a Java Servlet engine by Live
Software and subsequently purchased by Allaire. The 'WEB-INF' directory contains metadata about the application
deployed on the server. Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF
directory via a URL request that contains an extra "/" in the beginning of the request as in 'http://target//WEB-INF/'.
This may also be exploited by submitting the maliciously crafted URL via a HTTP GET request using utilities like
netcat or telnet.
Signature ID: 120
KW Whois Remote Command Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0941 Bugtraq: 1883 Nessus: 10541
Signature Description: WHOIS is a TCP-based query/response protocol which is widely used for querying an official
database in order to determine the owner of a domain name, an IP address, or an autonomous system number on the
Internet. Kootenay Web Inc whois is a web interface to 'whois' command on a linux server. Kootenay Web Inc whois
1.0 does not check the user input properly. Hence, using shell meta characters like ' ; ', an attacker can trick the script
into executing arbitrary code on the host system.
Signature ID: 121
Check for listrec.pl vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0997 Bugtraq: 3328 Nessus: 10769
Signature Description: Textor Webmasters Ltd offers a series of pre-packaged web content management solutions.
Textor Webmasters Ltd.'s listrec.pl CGI program allows remote attackers to execute arbitrary commands, via shell meta
characters like ';' in the TEMPLATE parameter, with the privileges of the web server.
Signature ID: 122
Lotus Notes ?OpenServer Information Disclosure vulnerability
Threat Level: Warning
Signature Description: Lotus Domino is an Application server designed to aid workgroups and collaboration on
projects and offers SMTP, POP3, IMAP, LDAP, and web services that allow users to interact with Lotus Notes
databases. Multiple versions of Domino Web server have a special URL, 'http://myserver/?OpenServer', which
generates a page containing a list of all the databases on the server. The database names are active links, so you can
open a database just by clicking a name. This is a convenient shortcut for administrators or designers working on a