TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 10140
Access to vulnerable WorldClient CGI for MDaemon Server
Threat Level: Information
Industry ID: CVE-2002-1741
Bugtraq: 4687 Nessus: 10745
Signature Description: WorldClient is a web interface packaged with MDaemon, an email server for Microsoft
Windows. WorldClient.cgi for MDaemon enables attackers with the proper username and password combination to
access locally stored mailboxes and to delete arbitrary files on the server. In addition, earlier versions of WorldClient
suffer from buffer overflow vulnerabilities and web traversal problems.
Signature ID: 10147
Sun Cobalt Adaptive Firewall Detection
Threat Level: Information
Nessus: 10878
Signature Description: Sun Cobalt machines contain a firewall mechanism, which can be configured remotely by
accessing Cobalt's built-in HTTP server. Upon access to the HTTP server, a user is required to enter a passphrase
without giving any user name. Thus brute-force attacks are easy. Access to this administrative interface should be
restricted from external networks.
Signature ID: 10148
SSH protocol version 1.33 enabled
Threat Level: Information
Nessus: 10882
Signature Description: Some SSH daemons support connections made using version 1.33 of the SSH protocol.
This version of the protocol is not completely cryptographically safe, so it should not be used.
Signature ID: 10149
SSH protocol version 1.5 Enabled
Threat Level: Information
Nessus: 10882
Signature Description: Some SSH daemons support connections initiated using version 1.5 of the SSH protocol. This
version of the protocol is not completely cryptographically safe, so it should not be used.
Signature ID: 10150
Access to vulnerable SiteScope Web Management Server
Threat Level: Information
Nessus: 10740
Signature Description: SiteScope Management web server allows attackers to gain sensitive information on the
SiteScope-monitored server. This sensitive information includes (but is not limited to): license number, current users,
etc. It is recommended to disable access to this service from external networks.
Signature ID: 10152
Access to NTP read variables
Threat Level: Information
Nessus: 10884
Signature Description: Network Time Protocol (NTP) is a protocol that is used to synchronize computer clock times in
a network of computers. An attacker can gain more information about the remote host by querying the NTP variables; these
include the OS descriptor and time settings. Theoretically, one can work out the NTP peer relationships and trace back
network settings from this.