Manualshelf

TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
21222324252627282930
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
23
supported by the inbuilt Tektronix PhaserLink webserver. No authentication mechanism exists to validate such
connections. Arbitrary pages inside the printer's administration interface may be requested on the PhaserLink
webserver. Hence,by using methods like the printer's 'Emergency Power Off' or IP configuration changes, an attacker
can cause a denial of service attacks.
Signature ID: 134
Novell Web Server NDS Tree Browsing vulnerability
Threat Level: Warning
Industry ID: CVE-2002-1634 Bugtraq: 4874
Signature Description: Netscape Enterprise Server was a web server developed originally by Netscape
Communications Corporation. The product has since been acquired by Sun microsystems and renamed as Sun Java
System Web Server. Netscape Enterprise Server for Novell Netware 5.1 or 5.0 contains several sample files which leak
sensitive system information like the location of web root, detailed system specific information,etc. These files are
available to remote users and can thus help attackers to attack in subsequent attacks.
Signature ID: 135
Netauth CGI Access vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0782 Bugtraq: 1587 Nessus: 10494
Signature Description: NetWin Netauth is a Web-based email management tool. NetWin Netauth versions 4.2 and
earlier could allow a remote attacker to traverse directories and read arbitrary files on the server by supplying "dot dot"
(/../) sequences and the desired file name to the 'page' variable at the end of a request to netauth.cgi. This can be used by
an attacker to gain access to restricted information which can be used to compromise the system in subsequent attacks.
Signature ID: 136
Netscape Enterprise Server PageServices Information Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0269 Bugtraq: 7621 Nessus: 10153
Signature Description: Netscape Enterprise Server was a web server developed originally by Netscape
Communications Corporation. The product has since been acquired by Sun microsystems and renamed as Sun Java
System Web Server. A vulnerability has been reported in Netscape Enterprise Server 4.1 SP8 and earlier. The problem
occurs while processing HTTP queries containing the '?PageServices' URI parameter. The affected server may disclose
the contents of the web root, possibly including sub-directories.
Signature ID: 137
Attempt to access /admin-serv/config/admpw
Threat Level: Warning
Bugtraq: 1579 Nessus: 10468
Signature Description: Netscape Communications SuiteSpot is a compilation of Netscape's Web, mail, groupware, and
directory-server offerings for corporate networks. Netscape SuiteSpot 3.5 server includes a web administration
package. The username and encrypted password for the Administrator account are kept in a world-readable file at
(webroot)/admin-serv/config/admpw. If this is accesssed by an attacker, he can crack the password by brute force.
Signature ID: 138
Netscape FastTrack 'get' request vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0239 Bugtraq: 481 Nessus: 10156
Signature Description: When the remote web server is issued with a lower-cased 'get' request it will return a directory
listing even if a default page such as index.html is present. Example : 'get / HTTP/1.0' will return a listing of the root