TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
235
accessible if maliciously placed in the web server's root directory or an attacker performs unauthorized directory
traversal. This may permit the attacker to execute arbitrary commands on the vulnerable server.
Signature ID: 1744
Microsoft IIS .cmd?& Access Vulnerability
Threat Level: Severe
Signature Description: Microsoft IIS(Internet Information Server) is a group of Internet servers including Hypertext
Transfer Protocol service and a File Transfer Protocol service. It was developed by Microsoft. This rule gets hit when
.cmd?& is found in content while accessing a web server run by IIS. The successful exploitation of this issue will allow
an attacker to gain information on the IIS implementation of the host which may be the prelude to an attack against that
host using that information.
Signature ID: 1746
Microsoft IIS Form_VBScript.asp XSS Vulnerability
Threat Level: Severe
Industry ID: CVE-2000-1104 CVE-2000-0746 Bugtraq: 1595,1594 Nessus: 10572
Signature Description: Microsoft IIS contains a flaw that allows a remote cross site scripting attack. This flaw exists
because the application does not validate input upon submission to the "Form_VBScript.asp" script. This could allow a
user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship
between the browser and the server, leading to loss of integrity. Vulnerable Platforms are Microsoft IIS 4.0 and 5.0.
Signature ID: 1747
WEB-Microsoft IIS FTP del attempt Vulnerability
Threat Level: Severe
Industry ID: CVE-1999-0777 Bugtraq: 658
Signature Description: Microsoft IIS(Internet Information Server) is a group of Internet servers including Hypertext
Transfer Protocol service and a File Transfer Protocol service. It was developed by Microsoft. IIS allows users to delete
files on the server by using the del command. Microsoft IIS 4.0 and Microsoft Commercial Internet System 2.5 are
vulnerable. This rule generates an event when an attacker sent del command to the http server.<br>
Signature ID: 1748
Microsoft Front Page file doctodep.btr access Vulnerability
Threat Level: Information
Signature Description: Microsoft FrontPage is a HTML editor and web site administration tool from Microsoft for
Windows. Front Page Server Extensions allows Microsoft FrontPage clients to communicate with web servers, and
provide additional functionality intended for websites. This rule will triggers when an attacker attempt to access
Microsoft Front Page file doctodep.btr. Doctodep.btr is a dependency database for the web and can sometimes contain
fragments of server side code.
Signature ID: 1749
Microsoft IIS Escape Character Parsing Vulnerability
Threat Level: Information
Industry ID: CVE-2000-0024
Bugtraq: 886
Signature Description: Microsoft Internet Information Server (IIS) contains a potentially exploitable vulnerability that
could allow attackers to bypass the security of third-party applications running atop IIS. Special and unprintable
characters are represented in URLs as hexadecimal escapes preceded by the '%' character. Some invalid hexadecimal
characters (characters other than 0-9 or a-f) could be interpreted as valid ASCII characters and could be used to subvert
access controls in some applications. Vulnerable Platforms are Microsoft Site Server Commerce Edition 3.0, Microsoft
IIS 4.0