TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
247
Signature ID: 1824
WEB-COLDFUSION sendmail.cfm access Vulnerability
Threat Level: Information
Industry ID: CVE-2001-0535
CVE-1999-0760 Bugtraq: 550
Signature Description: ColdFusion is an application server and software development framework used for the
development of computer software in general, and dynamic web sites. ColdFusion is a similar product to Microsoft
ASP.NET, JavaServer Pages or PHP. ColdFusion Server includes several undocumented CFML tags and functions.
ColdFusion 4.0 is vulnerable. Undocumented CFML tags in ColdFusion will allow an remote attacker to gain
unauthorized access to administrative privileges, including registry and advanced security settings. This rule will
triggers when an attempt is made to send sendmail.cfm pattern. Upgrade the patches are available from vendors web
site.
Signature ID: 1825
WEB-COLDFUSION setodbcini Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0760 Bugtraq: 550
Signature Description: ColdFusion is a programming language based on standard HTML(Hyper Text Markup
Language) that is used to creating and serving web-based applications that interact with back-end databases. Web pages
that interact with ColdFusion application servers have a .cfm file extension. ColdFusion Web pages include tags written
in Cold Fusion Markup Language(CFML). ColdFusion(ColdFusion versions 3.x and 4.x) server include undocumented
CFML(ColdFusion Markup Language) tags and functions that are used in the ColdFusion Administrator. The
undocumented CFUSION_SETODBCINI() function, could be used by an attacker to sets ODBC data source
information in the registry.
Signature ID: 1826
WEB-COLDFUSION settings refresh vulnerability
Threat Level: Information
Industry ID: CVE-1999-0760 Bugtraq: 550
Signature Description: ColdFusion is a programming language based on standard HTML(Hyper Text Markup
Language) that is used to creating and serving web-based applications that interact with back-end databases. Web pages
that interact with ColdFusion application servers have a .cfm file extension. ColdFusion Web pages include tags written
in Cold Fusion Markup Language(CFML). ColdFusion(ColdFusion versions 3.x and 4.x) server include undocumented
CFML(ColdFusion Markup Language) tags and functions that are used in the ColdFusion Administrator. The
undocumented CFUSION_SETTINGS_REFRESH() function, could be used by an attacker to Refreshes some
ColdFusion settings not requiring a restart.
Signature ID: 1827
WEB-COLDFUSION snippets vulnerability
Threat Level: Information
Industry ID: CVE-1999-0760 Bugtraq: 550
Signature Description: ColdFusion is an application server and software development framework used for the
development of computer software in general, and dynamic web sites. ColdFusion is a similar product to Microsoft
ASP.NET, JavaServer Pages or PHP. ColdFusion Server includes several undocumented CFML tags and functions.
ColdFusion( 2.0, 3.0, 3.0.1, 3.1, 3.1.1, 3.1.2, 4.0, 4.0.1) are vulnerable. Undocumented CFML tags in ColdFusion will
allow an remote attacker to gain unauthorized access to administrative privileges, including registry and advanced
security settings. This rule will triggers when an attempt is made to send cfdocs/snippets pattern. Upgrade the patches
are available from vendors web site.