TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
227
TRACK. The HTTP TRACK method asks a web server to echo the contents of the request back to client for debugging
purpose. By sending a specially-crafted HTTP TRACK request, a remote attacker may abuse HTTP TRACK
functionality to gain access to information in HTTP headers such as cookies and authentication data. Upgrade the latest
version at vendor's website.
Signature ID: 1698
Microsoft IIS ISAPI Printer Extension Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2001-0241 Bugtraq: 2674 Nessus: 10661,10657
Signature Description: Microsoft Internet Information Services (IIS) is a set of Internet-based services for servers using
Microsoft Windows. Microsoft Internet Information Server(Microsoft IIS version 5.0) is a buffer overflow
vulnerability in the handling of ISAPI(Internet Services Application Programming Interface) extensions. ISAPI
(internet Server Application Program Interface) is a set of Windows program class that enables programmers to
develop Web-based applications that will run much faster than common gateway interface(CGI) application. An
Unchecked buffer exists in the Internet printing protocol(IPP) ISAPI extension in windows 2000 that handles user
requests(msw3prt.dll). IPP(Internet Printing Protocol) an Internet protocol that allows universal solutions to users
trying to print documents from the Internet. This signature detects if an attacker try to exploit host header field with
more then 300 bytes of data on http traffic. This issue is fixed and patches are available from vendors website.
Signature ID: 1699
Microsoft IIS ISAPI Printer Extension Buffer Overflow Vulnerability
Threat Level: Critical
Industry ID: CVE-2001-0241 Bugtraq: 2674 Nessus: 10661,10657
Signature Description: Microsoft Internet Information Services (IIS) is a set of Internet-based services for servers using
Microsoft Windows. Microsoft Internet Information Server(Microsoft IIS version 5.0) is a buffer overflow
vulnerability in the handling of ISAPI(Internet Services Application Programming Interface) extensions. ISAPI
(internet Server Application Program Interface) is a set of Windows program class that enables programmers to
develop Web-based applications that will run much faster than common gateway interface(CGI) application. An
Unchecked buffer exists in the Internet printing protocol(IPP) ISAPI extension in windows 2000 that handles user
requests(msw3prt.dll). IPP(Internet Printing Protocol) an Internet protocol that allows universal solutions to users
trying to print documents from the Internet. This signature detects if printer request containing more then 300 bytes
with null uri data. This issue is fixed and patches are available from vendors web site.
Signature ID: 1700
Microsoft IIS 3.0 '%2e' ASP Source Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0253 Bugtraq: 1814
Signature Description: Microsoft Internet Information Services (IIS) is a set of Internet-based services for servers using
Microsoft Windows. Microsoft IIS(Microsoft IIS versions 1.0,2.0,3.0) will return the source code of various server side
script files such as ASP files(An Active Server Page(ASP) is an HTML page that includes one or more scripts(small
embedded programs) that are processed on a Microsoft Web server before the page is sent to the user) if the filename in
the URL request contains a "%2e"(the hex value for %2e is .), a remote attacker could possibly yield sensitive
information such as user names and passwords. Upgrade the latest version at the vendor's website.
Signature ID: 1701
Microsoft IIS 4.0 Buffer Overflow While Processing .HTR, .STM and .IDC Files Vulnerability
Threat Level: Severe
Industry ID: CVE-1999-0874 Bugtraq: 307
Signature Description: Microsoft Internet Information Server (IIS) is a web server that ships with Windows platform.
Microsoft IIS version 4.0 is vulnerable to a denial of service attack caused by a buffer overflow involving the way that