Manualshelf

TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
31323334353637383940
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
31
Signature Description: The /cgi-bin/printenv.pl program is a small perl routine which, when invoked, returns the CGI
Environment Variables set on the server upon which it was invoked. This code can be used to retrieve all of the CGI
Environment Variables and print them out (while testing the code) and must not be available on server except at
development of the website . This script gives an attacker valuable information about the configuration of your web
server, allowing him to focus his attacks.
Signature ID: 174
WEB-CGI Processit access vulnerability
Threat Level: Warning
Nessus: 10649
Signature Description: Pick System's processit.pl CGI script provides an easy HTML form to D3 PICK/Basic program
interface. It contains a vulnerability that allows system environment variables to be viewed by remote users. When a
request is made for an incorrect file or made with no parameters, the CGI script will return environment variables. This
can provide remote users with potentially sensitive data (e.g. script location, SERVER_SOFTWARE,
DOCUMENT_ROOT). The exact versions that are vulnerable are unknown.
Signature ID: 175
Quickstore traversal vulnerability
Threat Level: Warning
Industry ID: CVE-2000-1188 Bugtraq: 2049 Nessus: 10712
Signature Description: Quikstore is an ecommerce shopping cart software package from i-Soft. A vulnerability exists
in Quikstore Shopping Cart in Quikstore 2.0 to 2.9.10. A failure to properly validate user-supplied input leads the script
to disclose files not normally available to a remote user. This could include any file on the affected host, including
password files, server configuration information, credit card information, business models, and other sensitive data.
Signature ID: 176
Extent RBS ISP Directory Traversal vulnerability
Threat Level: Warning
Industry ID: CVE-2000-1036 Bugtraq: 1704 Nessus: 10521
Signature Description: Extent RBS, is a back-office billing and "Authentication, Authorization and Accounting"
(AAA) solution for Internet Service Providers(ISPs) that provides remote management through the web. Extent
Technologies RBS ISP 2.5 is vulnerable to directory traversal attack. Appending '../' to the 'image' variable in http
requests to port 8002 will enable a user to read any available file with the privileges of the http daemon including credit
card details, username, password etc.
Signature ID: 177
Martin Hamilton ROADS' search.pl Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0215 Bugtraq: 2371 Nessus: 10627
Signature Description: The Martin Hamilton ROADS software is a free Internet resource cataloging system, written in
Perl. In Martin Hamilton ROADS 2.3, the 'search.pl' program allows remote attackers to read arbitrary files by
specifying the file name in the form parameter and terminating the file name with a null byte.
Signature ID: 178
Roxen counter module vulnerability
Threat Level: Warning
Nessus: 10207
Signature Description: The Roxen Challenger is a web server written in Pike language. In multiple versions of Roxen
Challenger, requesting large counter GIFs consumes huge amount of CPU-time on the server. If the server does not