ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature Description: A vulnerability in the default installation of Apache HTTP Server versions 2.0 through 2.0.39
could allow a remote attacker to traverse directories on the Web server and view and execute files. A remote attacker
could create a specially-crafted URL request containing hexadecimal URL encoded "backslash dot dot" sequences (in
the form of %5c%2e%2e%5c) to traverse directories and view arbitrary files and directories on the Web server. An
attacker could use this vulnerability to execute commands on the system by traversing to the /cgi-bin/ directory.
Signature ID: 1502
Squid cachemgr.cgi Unauthorized Connection Vulnerability
Threat Level: Information
Industry ID: CVE-1999-710 CVE-1999-0710 Bugtraq: 2059
Signature Description: Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and
HTTP data objects. The 'cachemgr.cgi' module is a management interface for the Squid proxy service. Red Hat Linux 5.2
and 6.0, when installed with Squid, placed it in '/cgi-bin' by default with no access controls, allowing a remote attacker to
connect to arbitrary hosts and ports and use it as an intermediary to connect to other systems.
Signature ID: 1503
Cart32 "expdate" Administrative Information Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0430 Bugtraq: 1358
Signature Description: Cart32 is shopping cart software (developed by McMurtrey/Whitaker & Associates) built for
Microsoft Server using Visual Basic, a MySQL database, and HTML components. A vulnerability in the cart32.exe
CGI executable could allow a remote attacker to retrieve sensitive information about the server installation, including
environment settings and a list of programs in the CGI-BIN directory. A remote attacker could exploit this vulnerability
by appending the string "/expdate" to a request for the cart32.exe CGI, which returns an error message followed
by a debugging page containing the server variables, the Cart32 administration directory and possibly the contents of
the cgi-bin. Vulnerable versions are McMurtrey/Whitaker & Associates Cart32 3.0 and 2.6. No remedy available as of
August 2008.
Signature ID: 1504
Microsoft Internet Explorer FILEX Information Disclosure Vulnerability
Threat Level: Information
Signature Description: Filex (File Extension Database) consists of file name extension-related information in the form
of a Windows HTML Help file. The Internet Explorer 5.0 browser is vulnerable. The vulnerability is due to improper
handling of requests, which may leak sensitive information when accessed from Internet Explorer. Successful exploitation
of this vulnerability allows an attacker to gain sensitive information on the vulnerable system. This vulnerability is fixed
in the latest versions. Administrators are advised to update to the latest version to resolve this issue.
Signature ID: 1506
Microsoft Windows HTML Converter HR Align Buffer Overflow Vulnerability
Threat Level: Information
Industry ID: CVE-2003-0469 Bugtraq: 8016
Signature Description: The HTML converter is an extension which allows applications to convert HTML data into Rich
Text Format (RTF) while maintaining the formatting and structure of the data as well as the text. The converter also
supports the conversion of RTF data into HTML. Microsoft Internet Explorer (Microsoft Internet Explorer versions 5
and 6) is vulnerable to a stack-based buffer overflow in the HTML conversion library (html32.cnv). By creating a new
HTML document and opening it in a frame off screen, then writing a specially-crafted 'align' element in an <HR> (Horizontal
Rule) tag to the document, a remote attacker could overflow a buffer and execute arbitrary code on the system with
the privileges of the victim. The exploit can be triggered by hosting the malicious web page or file on a Web site or by
sending it to a victim as an HTML email.