TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
237
Signature ID: 1755
Microsoft IIS 4.0 Buffer Overflow while processing .HTR, .STM and .IDC files Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0874
Bugtraq: 307
Signature Description: Microsoft Internet Information Server (IIS) version 4.0 is vulnerable to a denial of service
attack caused by a buffer overflow involving the way that .HTR, .STM, and .IDC files are processed. IIS version 4.0
can perform various server-side processing with specific file types. Requests for files ending with .HTR, .STM, or .IDC
extensions are passed to the appropriate external DLL for processing. By sending a malformed request, an attacker can
overflow a buffer and cause the service to crash. It may be possible for an attacker to use this vulnerability to execute
arbitrary code on the system.
Signature ID: 1756
WEB-IIS iissamples access Vulnerability
Threat Level: Information
Nessus: 11032
Signature Description: This event indicates that an attempt has been made to exploit potential weaknesses in a host
running Microsoft IIS. The attacker may be trying to gain information on the IIS implementation on the host, this may
be the prelude to an attack against that host using that information. The attacker may also be trying to gain
administrator access to the host, garner information on users of the system or retrieve sensitive customer information.
This rule will triggers when an attempt is made to send an iissamples pattern.
Signature ID: 1759
WEB-IIS JET VBA access Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0874 Bugtraq: 286,307
Signature Description: Microsoft JET database engine is a database management system that retrieves data from and
stores data in user and system databases. The Microsoft Jet database engine can be thought of as a data manager upon
which database systems, such as Microsoft Access, are built. Microsoft JET database engine has sophisticated query
and optimization capabilities that are unmatched by other desktop database engines in its class. Microsoft
JET3.51,Microsoft JET 3.5 and Microsoft IIS 4.0 are vulnerable to gain access. A successful exploitation of this
vulnerability allow an attacker to gain information on vulnerable system. This vulnerability is fixed in Microsoft JET
4.0 version. Administrators are advised to upgrade the Microsoft JET 4.0 version or later version to resolve this
vulnerability.
Signature ID: 1760
CGI script mkilog.exe access Vulnerability
Threat Level: Information
Nessus: 10359
Signature Description: This rule gets hit when an attempt is made to access the file mkilog.exe. mkilog.exe is a
Common Gateway Interface (CGI) script that can be used to view and modify SQL database contents. It posts data to
another module, ctss.idc, that creates a table based on the parameters passed to it. If an attacker passes parameters such
as a valid username and password to create a table, it may be possible to alter the table to execute commands on the
vulnerable server.
Signature ID: 1761
Microsoft IIS unauthorized ODBC data access with RDS Vulnerability
Threat Level: Information
Industry ID: CVE-1999-1011
Bugtraq: 529 Nessus: 10359
Signature Description: MDAC (Microsoft Data Access Components) is a package used to integrate web and database