Manualshelf

TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
21222324252627282930
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
26
Signature ID: 150
MacOS X Finder reveals contents of Apache Web files vulnerability
Threat Level: Warning
Industry ID: CVE-2001-1446 CVE-2001-1446 Bugtraq: 3325 Nessus: 10773
Signature Description: Mac OS X is a line of computer operating systems developed, marketed, and sold by Apple
Inc,which come pre-loaded on Macintosh computers. Find-By-Content in Mac OS X 10.0 through 10.0.4 creates index
files named '.FBCIndex' in every directory. A remote attacker may read the indexed contents of files by submitting a
request for the file in a desired directory to the web server. This allows remote attackers to learn the contents of files in
web accessible directories. This information could provide an attacker with sensitive information including potential
passwords, system configuration, installed applications, etc. This information can be used by the attacker to further
compromise the security of the server in subsequent attacks.
Signature ID: 151
Outlook Web anonymous access vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0660 Bugtraq: 3301 Nessus: 10781
Signature Description: Microsoft Exchange Server is a messaging and collaborative software product developed by
Microsoft. Exchange Server's major features consist of electronic mail, calendaring, contacts and tasks. Outlook Web
Access (OWA) in Microsoft Exchange Server 5.5 up to SP4 is vulnerable to an access validation error that may lead to
information disclosure. Due to this, an unauthenticated user can gain read access to the entire Global Address List. This
information can be used by the attacker in subsequent social enginering attacks.
Signature ID: 152
Oracle Web Listener Batch File Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0169 Bugtraq: 1053
Signature Description: Oracle Web Listener is a general-purpose application server from Oracle. Oracle Web Listener
4.0.x for NT uses various batch files as cgi scripts. These are stored in the /ows-bin/ directory by default. Any of these
batch files can be used to run arbitrary commands on the server by appending '?&' and a command to the filename.
UNC paths can be used to cause the server to download and execute remote code.
Signature ID: 153
WEB-CGI pagelog.cgi directory traversal vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0940 Bugtraq: 1864 Nessus: 10591
Signature Description: Metertek's Pagelog.cgi is a CGI script to log the details about visits to the webpages on the web
server. The script displays the number of hits and emails the logfile data about the visitors after a specified number of
visits. Directory traversal vulnerability in Metertek pagelog.cgi 1.0 allows remote attackers to read and create or
overwrite .log or .txt files via a .. (dot dot) character sequence passed to the "name" or "display" parameter.
Signature ID: 154
WebPALS Remote Command Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0217
CVE-2001-0216 Bugtraq: 2372 Nessus: 10611
Signature Description: Initiated at Mankato State University in 1978, the name PALS was originally an acronym for
Project for Automated Library Systems. Originally a Minnesota State University System undertaking, PALS now
serves all of the Minnesota State Colleges and Universities. MnSCU/PALS Library System WebPALS 1.0 'pals-cgi'