TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 1750
WEB-IIS exec-src access Vulnerability
Threat Level: Information
Signature Description: Microsoft IIS (Internet Information Server) is a group of Internet servers including a Hypertext
Transfer Protocol service and a File Transfer Protocol service. It was developed by Microsoft. This rule tries to
detect when .exe is found in the content while accessing a web server run by IIS. Successful exploitation of this
issue allows an attacker to gain information on the IIS implementation on the host.
Signature ID: 1751
FoxWeb PATH_INFO Remote Buffer Overrun Vulnerability
Threat Level: Severe
Industry ID: CVE-2003-0762 Bugtraq: 8547 Nessus: 11939
Signature Description: FoxWeb is a tool used to create interactive Web applications for Microsoft Windows operating
systems. FoxWeb version 2.5 is vulnerable to a stack-based buffer overflow in the foxweb.dll scripts. By supplying an
overly long URL string to the PATH_INFO variable (over 3000 bytes) in the foxweb.dll script, a remote attacker could
overflow a buffer and execute arbitrary code on the system. No remedy available as of August 2008.
Signature ID: 1752
FoxWeb PATH_INFO Remote Buffer Overrun Vulnerability
Threat Level: Severe
Industry ID: CVE-2003-0762 Bugtraq: 8547 Nessus: 11939
Signature Description: FoxWeb is a tool used to create interactive Web applications for Microsoft Windows operating
systems. FoxWeb version 2.5 is vulnerable to a stack-based buffer overflow in the foxweb.exe script. By supplying an
overly long string to the PATH_INFO variable (over 3000 bytes) in the foxweb.exe script, a remote attacker could
overflow a buffer and execute arbitrary code on the system. No remedy available as of August 2008.
Signature ID: 1753
WEB-IIS getdrvs.exe access Vulnerability
Threat Level: Information
Signature Description: Microsoft IIS (Internet Information Server) is a group of Internet servers including a Hypertext
Transfer Protocol service and a File Transfer Protocol service. It was developed by Microsoft. This rule triggers
when an attacker attempts to access the getdrvs.exe file. Successful exploitation of this issue allows a remote
attacker to disclose sensitive information.
Signature ID: 1754
Nimda Worm httpodbc.dll (cool.dll) file access Vulnerability
Threat Level: Severe
Industry ID: CVE-2001-0333 Bugtraq: 2708
Signature Description: The Nimda worm uses the Unicode Web Traversal exploit to infect unpatched Microsoft IIS (4.0
and 5.0) web servers. On these web servers, it is possible to construct a URL that would cause IIS to navigate to any
desired folder on the logical drive that contains the Web folder structure, and then access files in it. Successful
exploitation of the Directory Traversal Vulnerability gives the attacker the ability to install and run code, as well as
add, change, or delete files or Web pages on the compromised server. Apply the appropriate patch, as listed in
Microsoft Security Bulletin MS01-041, MS01-044, MS02-001, or MS02-018.