TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
Signature ID: 1774
Microsoft Index Server 'srchadm' file access Vulnerability
Threat Level: Information
Nessus: 11032
Signature Description: The Microsoft Indexing Server comes as part of Windows 2000, Windows XP and Windows
2003 and does not require any additional licensing. Indexing Server provides search capabilities. This rule
triggers when an attempt is made to access srchadm, a directory used by the Microsoft Index Server in IIS. The attacker
may be trying to gain information on the IIS implementation on the host; this may be the prelude to an attack against
that host using that information.
Signature ID: 1775
Microsoft Site Server 2.0 with IIS 4.0 uploadn.asp file access Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0360 Bugtraq: 1811
Signature Description: Microsoft Site Server is an intranet server designed for an NT Server with IIS. Site Server
enables users to locate and view information stored in various locations through personalized web pages and emails.
The 'Users' directory, if not already created, is automatically generated once the first successful upload has been
completed. By default the 'Everyone' group is given NTFS Change privileges in the 'Users' directory. As well, Scripting
and Write permissions are assigned by IIS. Due to all of these factors, it is possible for a user to create and upload
various content including ASP pages to the web server through the Anonymous Internet Account
(IUSR_machinename). Successful exploitation of this vulnerability will allow a remote user to possibly upload
malicious content to the web site. Microsoft Site Server Commerce Edition 2.0 is vulnerable.
Signature ID: 1776
Microsoft Internet Information Server 'users.xml' file access Vulnerability
Threat Level: Information
Signature Description: Microsoft IIS (Internet Information Server) is a group of Internet servers including a Web or
Hypertext Transfer Protocol server and a File Transfer Protocol server. It was developed by Microsoft. This rule gets
hit when an attempt is made to exploit a potential weakness on a host running Microsoft Internet Information Server
(IIS). Specifically, this event indicates an attempt to retrieve the file "users.xml" which may contain username and
password information for the host.
Signature ID: 1777
Microsoft Windows 2000 Resource Kit W3Who.DLL Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2004-1134 Bugtraq: 11820
Signature Description: The Microsoft Windows 2000 Resource Kit supports many utilities designed for diagnostic
administration of the Windows platform. W3Who is an Internet server application Dynamic-Link library (DLL)
designed to display information regarding the calling context of the client browser along with the configuration of the
host server. W3Who is vulnerable to a buffer overflow. A remote attacker could send a specially-crafted string
containing 519 to 12571 characters to overflow a buffer and execute arbitrary code on the system.
Signature ID: 1779
RSA Authentication Agent for Microsoft IIS Heap Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1471 Bugtraq: 13524
Signature Description: RSA Authentication Agent software provides access control for networks, web applications,
and operating systems. It is used in conjunction with RSA SecurID Authenticators and Authentication Manager