TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 1
BEA WebLogic URL JSP Request Source Code Disclosure Vulnerability
Threat Level: Warning
Bugtraq: 2527 Nessus: 10715,10949
Signature Description: BEA Systems WebLogic Server is an enterprise-level web and wireless application server.
Apache Tomcat is a Servlet container developed by the Apache Software Foundation (ASF). BEA Systems WebLogic
Server 5.1, Apache Software Foundation Tomcat 4.0, and Apache Software Foundation Tomcat 3.2.1 can be tricked
into revealing the source code of JSP scripts by using simple URL encoding of characters in the file name extension.
For example, default.js%70 (= default.jsp) is not treated as a script but served as a simple document.
Signature ID: 2
ColdFusion exprcalc.cfm File Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0477 CVE-1999-0455 Bugtraq: 115 Nessus: 10001
Signature Description: ColdFusion is an application server and software development framework used for the
development of computer software in general, and dynamic web sites in particular. Allaire ColdFusion Server 2.0, 3.0
and 4.0 contain a flaw that may lead to an unauthorized information disclosure. It is possible to read arbitrary files on
the remote server using the CGI: /cfdocs/expeval/exprcalc.cfm. This CGI allows anyone to view, delete and upload
anything on the remote ColdFusion Application server.
Signature ID: 4
IIS4 ExAir Sample Site DoS Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0449 Bugtraq: 193 Nessus: 10002
Signature Description: Microsoft IIS (Internet Information Services, formerly called Internet Information Server) is a
set of Internet-based services for servers using Microsoft Windows. Microsoft IIS 4.0 comes with the sample site called
'ExAir'. Unfortunately, one of its pages, namely 'advsearch.asp', may be used to make IIS hang, thus preventing it from
answering legitimate clients. This happens if the required DLLs are not running on the system.
Signature ID: 5
IIS4 ExAir Sample Site DoS Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0449 Bugtraq: 193 Nessus: 10003,10002
Signature Description: Microsoft IIS (Internet Information Services, formerly called Internet Information Server) is a
set of Internet-based services for servers using Microsoft Windows. Microsoft IIS 4.0 comes with the sample site called
'ExAir'. Unfortunately, one of its pages, namely 'query.asp', may be used to make IIS hang, thus preventing it from
answering legitimate clients. This happens if the required DLLs are not running on the system.
Signature ID: 6
IIS4 ExAir Sample Site DoS Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0449 Bugtraq: 193 Nessus: 10004,10002
Signature Description: Microsoft IIS (Internet Information Services, formerly called Internet Information Server) is a
set of Internet-based services for servers using Microsoft Windows. Microsoft IIS 4.0 comes with the sample site called
'ExAir'. Unfortunately, one of its pages, namely 'search.asp', may be used to make IIS hang, thus preventing it from
answering legitimate clients. This happens if the required DLLs are not running on the system.