TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
234
anot*.htr file. Microsoft Internet Information Services (IIS) Version 4 supplies a feature to allow users to make remote
password changes. The iisadmpwd directory has several .HTR files (achg.htr, aexp*.htr, and anot*.htr)that are used to
implement the password changes. An attacker can request a change and use a returned form to supply an account name,
existing password, and new password either to brute force changes or discover whether a specific account name exist.
Signature ID: 1739
AskSam Web Publisher as_web.exe Cross Site Scripting Vulnerability
Threat Level: Severe
Industry ID: CVE-2002-1727 Bugtraq: 4670
Signature Description: AskSam Web Publisher is a tool for publishing documents and databases to the Web. askSam
Web Publisher (as_web.exe) versions 1 and 4 are vulnerable to cross-site scripting. A remote attacker could attach
malicious JavaScript as a user-supplied variable in a URL request to as_web.exe or as_web4.exe, which would be
executed in the victim's Web browser once the link is clicked. This hits when the as_web.exe followed with script tag.
Signature ID: 1740
AskSam Web Publisher as_web4.exe Cross Site Scripting Vulnerability
Threat Level: Severe
Industry ID: CVE-2002-1727 Bugtraq: 4670
Signature Description: AskSam Web Publisher is a tool for publishing documents and databases to the Web. askSam
Web Publisher (as_web.exe) versions 1 and 4 are vulnerable to cross-site scripting. A remote attacker could attach
malicious JavaScript as a user-supplied variable in a URL request to as_web.exe or as_web4.exe, which would be
executed in the victim's Web browser once the link is clicked. This rule hits when "as_web4.exe" followed with script
tag in the uricontent.
Signature ID: 1741
Microsoft IIS Appended Dot Script Source Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0253 Bugtraq: 2074,1814
Signature Description: Microsoft IIS(Internet Information Server) is a group of Internet servers including a Web or
Hypertext Transfer Protocol server and a File Transfer Protocol server. It was developed by Microsoft. Microsoft IIS
2.0 and 3.0 suffer from an issue allowing a remote user to retrieve the source code for any script (that has read
permissions on the server) via a web browser. This is accomplished by appending a period (.) to the end of a URL
requesting a specific script, and applies to any file types in the "script-map list", including .asp, .ht., .id, .PL, and others.
Consequences of exploitation vary depending on the site design, but commonly include details of directory structure on
the web server, database passwords, and various other pieces of information that could then be used to mount further
attacks. Upgrade to the latest version of IIS(4.0 or later), available at vendor's website.
Signature ID: 1742
WEB-IIS asp-srch Vulnerability
Threat Level: Severe
Signature Description: Microsoft IIS(Internet Information Server) is a group of Internet servers including Hypertext
Transfer Protocol service and a File Transfer Protocol service. It was developed by Microsoft. This rule will tries to
detect when the .asp is found in content while accessing a web server run by IIS. The successful exploitation of this
issue will allow an attacker to gain information on the IIS implementation on the host.
Signature ID: 1743
Access to cmd32.exe Vulnerability
Threat Level: Warning
Signature Description: This rule gets hit when an attempt is made to access the cmd32.exe file. This file is only