TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
.HTR, .STM, and .IDC files are processed. IIS version 4.0 can perform various server-side processing with specific file
types. When a web site visitor requests a file of one of these types, an appropriate filter DLL processes it. By sending a
malformed request, an attacker can overflow a buffer and cause the service to crash or execute arbitrary code. Install
the update issued in Microsoft Security Bulletin MS99-019.
Signature ID: 1702
Microsoft IIS 4.0/5.0 Source Fragment Disclosure Vulnerability
Threat Level: Severe
Industry ID: CVE-2000-0630 CVE-2000-0457 Bugtraq: 1488,1193,189
Signature Description: Microsoft Internet Information Services (IIS) 4.0 and 5.0 are vulnerable to a source code
disclosure vulnerability. If '+.htr' is appended to a request for a known .asp (or .asa, .ini, etc.) file, the request will be
handled by ISM.DLL, which then strips the +.htr string and may disclose part or all of the source of the .asp file
specified in the request.
Signature ID: 1703
Microsoft IIS HTTP Header Field Delimiter Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0150 Bugtraq: 4476
Signature Description: Microsoft Internet Information Server (IIS) is vulnerable to a buffer overflow in the handling of
HTTP headers. An intruder could execute arbitrary code with privileges that vary according to which version of IIS is
running. IIS version 4.0 permits an intruder to execute code with complete administrative privileges, while IIS 5.0 and
5.1 permit an intruder to execute code with the privileges of the IWAM_computername account.
Signature ID: 1705
Microsoft IIS executable file parsing vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0886 Bugtraq: 1912
Signature Description: Microsoft Internet Information Services (IIS) can receive requests for executable files, and valid
requests are passed to the operating system for processing. A vulnerability exists in IIS 4.0 and 5.0: when IIS
receives a specially formed request for an executable file followed by operating system commands, it will proceed to
process the entire string rather than rejecting it. An attacker can use this vulnerability to modify Web pages or other
files on the Web server, reformat the hard drive, or perform other unauthorized actions. For exploitation to
succeed, the requested file must be an existing .bat or .cmd file residing in a folder for which the user has
execute permissions.
Signature ID: 1710
Microsoft IIS HTR Chunked Encoding Transfer Heap Overflow Vulnerability
Threat Level: Information
Industry ID: CVE-2002-0364 Bugtraq: 4855
Signature Description: This rule triggers when an attempt is made to exploit a buffer overflow in the chunked
encoding data transfer mechanism, which is part of the ISAPI (Internet Services Application Programming Interface)
extension that implements HTR functionality in Microsoft Internet Information Services (IIS). Chunked encoding is a
means to transfer variable-sized units of data (called chunks) from a web client to a web server. By sending a
specially-crafted "chunk" of data that causes an incorrect buffer size to be allocated, a remote attacker could overflow
a buffer and execute arbitrary code on the system or cause the IIS service to fail. Microsoft IIS 4.0 and 5.0 are
vulnerable to this issue.