Manualshelf

TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
31323334353637383940
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
37
Signature Description: Thinking Arts is a Devon (UK) based web design company specializing in art related e-
commerce websites. Thinking Arts 'ES.One' package is one such solution. Directory traversal vulnerability in 'store.cgi'
in 'Thinking Arts ES.One' 1.0 package allows remote attackers to read arbitrary files via a .. (dot dot) character
sequence in the StartID parameter.
Signature ID: 203
Redhat Stronghold File System Disclosure vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0868 Bugtraq: 3577 Nessus: 10803
Signature Description: In RedHat Stronghold 2.3 to 3.0 (inclusive), if a restricted access to the server status report is
not enabled, then a remote attacker can gain access to sensitive system files including the 'httpd.conf' file. Remote
attackers can retrieve these files via a HTTP GET request to (1) stronghold-info or (2) stronghold-status. These urls are
not enabled in the default installation and must be manually enabled for the system to be vulnerable.
Signature ID: 204
Reading CGI script sources using /cgi-bin-sdb vulnerability
Threat Level: Severe
Industry ID: CVE-2000-0868 Bugtraq: 1658 Nessus: 10503
Signature Description: Linux is a Unix-like computer operating system. SUSE is a retail operating system based on the
linux kernel, produced in Germany and owned by Novell, Inc. The default configuration of Apache 1.3.12 in SuSE
Linux 6.3 and 6.4 has the directory '/cgi-bin-sdb' as an Alias of '/cgi-bin'. This allows remote attackers to read source
code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. This can give an attacker
valuable information that can be used in subsequent attacks.
Signature ID: 205
SWC Overflow vulnerability
Threat Level: Warning
Nessus: 10493
Signature Description: A web counter or hit counter is a computer software program that indicates the number of
visitors, or hits, a particular webpage has received. The Common Gateway Interface (CGI) is a standard protocol for
interfacing external application software with an information server, commonly a web server. 'Simple Web Counter' is
a web counter cgi written by Ross Thompson. The Simple Web Counter cgi 1.1 an prior is vulnerable to a buffer
overflow when issued a too long value to the 'ctr=' argument. This will allow anyone to execute arbitrary commands
with the same privileges as the web server (root or nobody).
Signature ID: 206
Multiple Vendor test-cgi Directory Listing Vulnerability
Threat Level: Severe
Industry ID: CVE-1999-0070 Bugtraq: 2003 Nessus: 10282
Signature Description: A webserver is a computer program that is responsible for accepting HTTP requests and serving
them HTTP responses along with optional data contents such as HTML documents and linked objects. The NCSA
HTTPd was a web server originally developed at the NCSA. The Apache HTTP Server is a well-known webserver
whose code was based on NCSA HTTPd server. NCSA httpd 1.5.2 a and prior, Apache Software Foundation Apache
1.0.5 and prior come with a CGI sample shell script called 'test-cgi' that is located by default in '/cgi-bin' directory. This
script is vulnerable to directory disclosure as it does not properly enclose echo command parameters in quotes. The
echo command expands the '*' charecter to give a directory listing of the specified directory with the privileges of the
web server. This can give an attacker valuable information that can be used in subsequent attacks.