TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 208
Tomcat's /admin is world readable vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0672 Bugtraq: 1548 Nessus: 10477
Signature Description: Apache Software Foundation Tomcat is a Servlet container. Tomcat implements the Java
Servlet and the JavaServer Pages (JSP) specifications from Sun Microsystems, providing a "pure Java" HTTP web
server environment for Java applications. In Apache Software Foundation Tomcat 3.0 and 3.1, the
'/admin/contextAdmin/contextAdmin.html' page can be accessed by anyone. This allows an attacker to add new
contexts to the Tomcat web server, and potentially read arbitrary files on the server with the privileges of the web
server. This can give an attacker valuable information that can be used in subsequent attacks.
Signature ID: 209
Jakarta Tomcat Path Disclosure vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0759 Bugtraq: 1531 Nessus: 10807
Signature Description: Apache Software Foundation Tomcat is a Servlet container. Tomcat implements the Java
Servlet and the JavaServer Pages (JSP) specifications from Sun Microsystems, providing a "pure Java" HTTP web
server environment for Java applications. In Apache Software Foundation Tomcat 3.0 and 3.1 running under the
Apache web server, the physical path of a file is revealed in the error message when a remote attacker requests a
URL that does not exist. This can give an attacker valuable information that can be used in subsequent attacks.
Signature ID: 210
Tomcat's snoop servlet gives too much information vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0760 Bugtraq: 1532 Nessus: 10478
Signature Description: Apache Software Foundation Tomcat is a Servlet container. Tomcat implements the Java
Servlet and the JavaServer Pages (JSP) specifications from Sun Microsystems, providing a "pure Java" HTTP web
server environment for Java applications. A vulnerability exists in the snoop servlet portion of Apache Software
Foundation Tomcat 3.0 and 3.1. Sensitive information about file paths, OS information, etc. is revealed in the error
message when a nonexistent '.snp' file is requested. This can give an attacker valuable information that can be used in
subsequent attacks.
Signature ID: 211
ASP/ASA source using Microsoft Translate: f bug vulnerability
Threat Level: Critical
Industry ID: CVE-2000-0778 Bugtraq: 1578 Nessus: 10491
Signature Description: Internet Information Services (formerly 'server') is a set of Internet-based services for
web servers using the Microsoft Windows platform. Microsoft IIS 5.0 has a dedicated scripting engine for advanced file
types such as ASP, ASA, HTR, etc. The scripting engines handle requests for these file types, process them
accordingly, and then execute them on the server. It is possible to force the server to send back the source of a known
script file to the client if the HTTP GET request contains a specialized header with 'Translate: f' at the end of it, and if a
trailing slash '/' is appended to the end of the URL. This can give an attacker valuable information which can be used in
subsequent attacks.
Signature ID: 212
Tarantella TTAWebTop.CGI Arbitrary File Viewing Vulnerability
Threat Level: Severe
Industry ID: CVE-2001-0805 CVE-2002-0203 Bugtraq: 2890 Nessus: 10696