TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

directory. This allows an attacker to gain valuable information about the directory structure of the remote host and
could reveal the presence of files which are not intended to be visible. Netscape FastTrack Server 3.0.1 is
vulnerable.
Signature ID: 139
Netscape publishingXpert 2 arbitrary file disclosure vulnerability
Threat Level: Warning
Industry ID: CVE-2000-1196 Nessus: 10364
Signature Description: Netscape PublishingXpert is a solution for publishers to author, revise, stage, deliver, and
manage their own online services. The PSCOErrPage.htm file in Netscape PublishingXpert 2.5 prior to SP2 allows
remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter. An example of an
exploit for this vulnerability is '/PSUser/PSCOErrPage.htm?errPagePath=/etc/passwd'.
Signature ID: 140
Netscape Enterprise Server Directory Indexing Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0236 Bugtraq: 1063 Nessus: 10352
Signature Description: Netscape Enterprise Server was a web server originally developed by Netscape
Communications Corporation. The product has since been acquired by Sun Microsystems and renamed Sun Java
System Web Server. Netscape Enterprise Server 3.0 to 3.6 with Directory Indexing enabled allows remote attackers to
list server directories via web publishing tags like ?wp-cs-dump. This information can assist an attacker in subsequent
attacks.
Signature ID: 141
Newdsn.exe File Creation Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0191 Bugtraq: 1818 Nessus: 10360
Signature Description: Microsoft IIS is a popular web server package for Windows-based platforms. Microsoft IIS 3.0
comes with a sample program called newdsn.exe, installed by default in the directory 'wwwroot/scripts/tools/'.
Execution of this program with a URL could allow for remote file creation. The file created is a Microsoft Access
Database, but can have any extension, including .html.
Signature ID: 142
WEB-CGI newsdesk.cgi access vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0231 Bugtraq: 2172 Nessus: 10586
Signature Description: Ibrow newsdesk is a CGI script designed to allow remote administration of website news
headlines. Ibrow newsdesk.cgi 1.2 fails to properly remove '../' sequences from user-supplied input to the "t" parameter.
An attacker can use this vulnerability to reveal the contents of any file on the filesystem that is accessible to the
web server. For example, a request with 't=../pass.txt' retrieves the password file used by the newsdesk CGI
script. Such information can then be used to deface the website.
Signature ID: 144
GroupWise Web Interface 'HELP' command vulnerability
Threat Level: Warning
Industry ID: CVE-1999-1005 Bugtraq: 879 Nessus: 10877
Signature Description: Gwweb.exe is a dangerous file that can grant remote users read access to sensitive
files and file path information, as well as the ability to remotely execute arbitrary code with the privileges of the web server.