TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
357
Signature ID: 4035
Oracle WebCache server multiple DoS vulnerabilities
Threat Level: Warning
Industry ID: CVE-2002-0102
CVE-2002-0102 Bugtraq: 3760,3762 Nessus: 10808
Signature Description: Oracle9iAS Web Cache is a web caching solution for Oracle 9iAS Application Server,
providing quick retrieval of dynamic web content. Oracle9iAS Web Cache 2.0.0.0 to 2.0.0.2(inclusive) allows remote
attackers to cause a denial of service due to multiple vulnerabilities. A request to TCP ports 1100, 4000, 4001, and
4002 with a large number of null characters can result in a Denial of Service condition. A request to TCP port 4000
with a large number of "." characters can also result in a Denial of Service condition. This signature detects presence of
Oracle9iAS Web Cache traffic on port 1100 and is only informational.
Signature ID: 4038
Progressive Networks Real Video server DoS vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0271 Nessus: 10183
Signature Description: The Progressive Networks Real Video server is a full-featured, cross-platform video solution
for the Internet. Progressive Networks Real Video server (pnserver) can be crashed remotely by sending a specially
crafted packet containing a sequence of 5 characters. This crash results in Denial of Service condition which can be
remedied by restarting the program.
Signature ID: 4039
Progressive Networks Real Video server Ramgen DoS vulnerability
Threat Level: Severe
Industry ID: CVE-1999-0896 Bugtraq: 767 Nessus: 10199
Signature Description: The Progressive Networks Real Video server is a full-featured, cross-platform video solution
for the Internet. Real Server 5.0 can be crashed by sending an overly long (4082+ bytes) ramgen request. This crash
results in Denial of Service condition which can be remedied by restarting the program.
Signature ID: 4041
Windows NT 4.0 NetBIOS DoS vulnerability
Threat Level: Severe
Industry ID: CVE-1999-0980
CVE-1999-0652 Bugtraq: 754 Nessus: 10204,10144
Signature Description: Windows NT is a family of operating systems produced by Microsoft. Windows NT 4.0 to 4.0
SP6 (inclusive) Service Control Manager (SCM) allows remote attackers to cause a crash via a malformed argument in
a resource enumeration request. A malicious user may use this attack to shut down NT server services creating a denial
of service condition on the network: This attack crashes the "services.exe", which in turn, disables communication via
named pipes. As a consequence, users will be unable to remotely logon, logoff, manage the registry, create new file
share connections, or perform remote administration. Services such as Internet Information Server also fail to operate
as expected. If this denial of service is combined with a number of other exploits, it may be possible to have this attack
spawn a Debugger call on the host, which, if trojaned, may execute malicious code on the target host.
Signature ID: 4044
Ident server Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-1107 CVE-2007-2711 Bugtraq: 2015,23981 Nessus: 10560,10021
Signature Description: The Ident Protocol, specified in RFC 1413, is an Internet protocol that helps identify the user of
a particular TCP connection. 'identd' is a daemon program for providing the ident service. The existence of Ident
service on a server may give away sensitive information that can help an attacker to focus his attacks. Multiple
daemons of Ident service have different vulnerabilities. S.u.S.E. Linux 6.0 to 7.0 (inclusive) ship with a vulnerable