TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
241
software. RSA Authentication Agent for Web for IIS contains a heap overflow vulnerability. When a Web client sends
a Hyper Text Transfer Protocol (HTTP) request to an IIS Web server, IIS parses the Uniform Resource Locator (URL),
and passes it to SecurID. SecurID then authenticates the remote user. If the user passes authentication, SecurID grants
permission to access the server. The vulnerability exists in SecurID when it parses the URL request received from the
IIS. The flaw can be triggered by a specially crafted HTTP request containing data encoded using the "chunked"
transfer encoding. Successful exploitation of this vulnerability could allow a remote, unauthenticated attacker to
execute arbitrary code with LocalSystem privileges on the vulnerable server. Vulnerable Platforms are RSA
Authentication Agent for Web 5.0, 5.2, 5.3
Signature ID: 1800
WEB-COLDFUSION CFUSION_VERIFYMAIL access Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0760 Bugtraq: 550
Signature Description: ColdFusion is a programming language based on standard HTML(Hyper Text Markup
Language) that is used to creating and serving web-based applications that interact with back-end databases. Web pages
that interact with ColdFusion application servers have a .cfm file extension. ColdFusion Web pages include tags written
in Cold Fusion Markup Language(CFML). ColdFusion(ColdFusion versions 3.x and 4.x) server include undocumented
CFML(ColdFusion Markup Language) tags and functions that are used in the ColdFusion Administrator. The
undocumented CFUSION_VERIFYMAIL() function, could be used by an attacker to Verifies the connection to the
default ColdFusion SMTP mail server.
Signature ID: 1801
WEB-COLDFUSION addcontent.cfm access Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0535
Signature Description: ColdFusion is an application server and software development framework used for the
development of computer software in general, and dynamic web sites. ColdFusion is a similar product to Microsoft
ASP.NET, JavaServer Pages or PHP. ColdFusion Server includes several undocumented CFML tags and functions.
ColdFusion 4.x is vulnerable. Undocumented CFML tags in ColdFusion will allow an remote attacker to gain
unauthorized access to administrative privileges, including registry and advanced security settings. This rule will
triggers when an attempt is made to send cfdocs/exampleapp/publish/admin/addcontent.cfm pattern. Update the latest
version to resolve this issue.
Signature ID: 1802
WEB-COLDFUSION admin decrypt Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0760 Bugtraq: 550
Signature Description: ColdFusion is a programming language based on standard HTML(Hyper Text Markup
Language) that is used to creating and serving web-based applications that interact with back-end databases. Web pages
that interact with ColdFusion application servers have a .cfm file extension. ColdFusion Web pages include tags written
in Cold Fusion Markup Language(CFML). ColdFusion(ColdFusion versions 3.x and 4.x) server include undocumented
CFML(ColdFusion Markup Language) tags and functions that are used in the ColdFusion Administrator. The
cfusion_decrypt() function, this can be used to retrieve and decrypt the admin and studio passwords. With these
passwords, an attacker can use a variety of tools for retrieve directory listing, uploadfiles, registry access, and security
access.
Signature ID: 1803
WEB-COLDFUSION admin encrypt Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0760
Bugtraq: 550