TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
238
services. It includes a component named RDS (Remote Data Services) which allows remote access via the internet to
database objects through IIS. Microsoft Data Access Components (MDAC) versions 2.1 and earlier, in the default
configuration, could allow a remote attacker to access OLE database sources. Remote Data Services (RDS), one of the
components of MDAC, is designed to permit remote data access to authenticated users through Microsoft Internet
Information Server (IIS). A vulnerability in the DataFactory object of RDS could allow an attacker to use a Web client
to send a SQL query to OLE database data sources.
Signature ID: 1763
Microsoft IIS Outlook Web Access Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0666
Bugtraq: 3223,3368
Signature Description: Outlook Web Access is an optional component of Microsoft Exchange Server which runs in
conjunction with Microsoft Internet Information Server. It provides access to a user's Exchange mailbox through a web
interface. A vulnerability exists in OWA in Exchange Server 5.5 to 5.5 SP4. A user can enter a long string of %
characters into the Log On field in the Outlook Web Access page. Then, when the user receives the NT challenge
dialog, a username and password composed of a long string of % characters is also entered. This will cause the WWW
Publishing service and the IIS Administration service to stop. (Ref: MS01-049)
Signature ID: 1764
Microsoft Internet Information Services (IIS) access to /scripts/perl vulnerability
Threat Level: Information
Signature Description: Microsoft IIS(Internet Information Server) is a group of Internet servers including Hypertext
Transfer Protocol service and a File Transfer Protocol service. It was developed by Microsoft. This rule will triggers
when an attempt is made to access /scripts/perl directory on a web server. This may indicate that an attacker is
attempting to run code of their choosing on that server. A successful exploitation of this issue will allow an attacker to
execute arbitrary commands.
Signature ID: 1765
CGI Lite Perl Module Metacharacter Input Validation Vulnerability
Threat Level: Information
Industry ID: CVE-2003-1365 Bugtraq: 6833
Signature Description: CGI::Lite is a Perl module used for processing and decoding Web form and query information.
The escape_dangerous_chars() function in version 2.0 of the CGI::Lite module fails to filter out certain special
characters from form input. A remote attacker could exploit this vulnerability to read or write to local files, and
possibly execute shell commands on the Web server by supplying malicious form input to an affected Web server.
Signature ID: 1767
WEB-IIS postinfo.asp access Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0360 Bugtraq: 1811
Signature Description: Microsoft Site Server is an intranet server designed for an NT Server with IIS. Site Server
enables users to locate and view information stored in various locations through personalized web pages and
emails.The 'Users' directory, if not already created, is automatically generated once the first successful upload has been
completed. By default the 'Everyone' group is given NTFS Change privileges in the 'Users' directory. As well, Scripting
and Write permissions are assigned by IIS. Due to all of these factors, it is possible for a user to create and upload
various content including ASP pages to the web server through the Anonymous Internet Account
(IUSR_machinename).Successful exploitation of this vulnerability will allow a remote user to possibly upload
malicious content to the web site.Vulnerable platform is Microsoft Site Server Commerce Edition 2.0