TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
239
Signature ID: 1768
WEB-IIS query.asp access Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0449
Bugtraq: 193 Nessus: 10002
Signature Description: Microsoft IIS(Internet Information Server) is a group of Internet servers including a Web or
Hypertext Transfer Protocol server and a File Transfer Protocol server. It was developed by Microsoft. Microsoft
IIS(Microsoft IIS version 4.0) that include the "ExAir" sample site pages are vulnerable to a denial of service attack. If
certain ExAir.asp(active server page) pages are requested directly without having the sample site dlls running,will
cause the server CPU to increases to 100%. By submitting such a request for these .asp pages, and attacker can exhaust
all CPU resources on the server.
Signature ID: 1769
WEB-IIS search97.vts access Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0449 Bugtraq: 193 Nessus: 10002
Signature Description: The Verity/Search'97 software provides a search engine. Verity Search97 2.1.0 is vulnerabile to
a cross site scripting. This vulnerability is due to cgi-bin scripts, s97_cgi and s97r_cgi failing to check for the existence
of certain shell meta characters.A successful exploitation of this issue will allow an attacker to access any file on the
file system. This rule will triggers when an attempt is made to send a search97.vts pattern. This issue is fixed in latest
versions. Update the patch for this vulnerability, available from the Verity Customer Support site.
Signature ID: 1770
WEB-IIS sgdynamo.exe access Vulnerability
Threat Level: Information
Industry ID: CVE-2002-0375 Bugtraq: 4720 Nessus: 11955
Signature Description: SGDynamo is a web application engine for Microsoft Windows operating systems. SGDynamo
is vulnerable to cross-site scripting. A remote attacker could crate a malicious URL link containing sgdynamo.exe
javascript embedded within the HTNAME parameter, once the link is clicked. An attacker could use this vulnerability
to steal a user's cookies and execute arbitrary code on the system. Upgrade to the version 5.32T and later(5.32U, 6.1,
7.00), available at vendor's website.
Signature ID: 1772
Microsoft Internet Information Services iissamples directory access Vulnerability
Threat Level: Information
Nessus: 10370
Signature Description: This rule gets hit when an attempt is made to access iissamples directory on a host running
Microsoft Internet Information Server (IIS). Some applications may store sensitive information such as database
connections, user information, passwords and customer information in files accessible via a web interface. Care should
be taken to ensure these files are not accessible to external sources. The attacker may be trying to gain information on
the IIS implementation on the host, this may be the prelude to an attack against that host using that information.
Signature ID: 1773
Srch.htm file access on Microsoft Internet Information Server Vulnerability
Threat Level: Information
Signature Description: Microsoft IIS(Internet Information Server) is a group of Internet servers including Hypertext
Transfer Protocol service and a File Transfer Protocol service. It was developed by Microsoft. This rule will triggers
when an attempt is made to access a sample application 'search functionality' on Microsoft IIS server. This application
may present an attacker with the opportunity to gain valuable information regarding the implementation of IIS on the
affected host.