TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
Signature ID: 226
Misconfigured Webcart information disclosure vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0610 Bugtraq: 2281 Nessus: 10298
Signature Description: WebCart is a web commerce product provided by Mountain Network Systems, Inc. Default
installations of Mountain Network Systems Inc. WebCart 1.0 are vulnerable to information disclosure due to
misconfiguration of access policies. The program writes customer order information in remotely accessible text
files. This information includes credit card details and other sensitive information. This signature detects access to
the '/config/clients.txt' file.
Signature ID: 227
Misconfigured Webcart information disclosure vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0610 Bugtraq: 2281 Nessus: 10298
Signature Description: WebCart is a web commerce product provided by Mountain Network Systems, Inc. Default
installations of Mountain Network Systems Inc. WebCart 1.0 are vulnerable to information disclosure due to
misconfiguration of access policies. The program writes customer order information in remotely accessible text
files. This information includes credit card details and other sensitive information. This signature detects access to
the '/orders/import.txt' file.
Signature ID: 229
Webdist CGI command execution vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0039 Bugtraq: 374 Nessus: 10299
Signature Description: IRIX is a computer operating system developed by Silicon Graphics, Inc. to run natively on
their 32-bit and 64-bit MIPS architecture workstations and servers. The Common Gateway Interface (CGI) is a
standard protocol for interfacing external application software with an information server, commonly a web server. A
vulnerability exists in the 'webdist.cgi' CGI program as included by Silicon Graphics in their IRIX operating system
versions 5.0 to 6.3 (inclusive). The 'webdist.cgi' CGI program allows remote attackers to execute arbitrary commands
with the privileges of the web server process via shell metacharacters in the 'distloc' parameter.
Signature ID: 231
Buffer overflow vulnerability in WebSitePro webfind.exe
Threat Level: Warning
Industry ID: CVE-2000-0622 Bugtraq: 1487 Nessus: 10475
Signature Description: A computer program that is responsible for accepting HTTP requests from clients and serving
them HTTP responses along with optional data contents is known as a webserver. The Common Gateway Interface
(CGI) is a standard protocol for interfacing external application software with an information server, commonly a web
server. O'Reilly's Website Pro is a webserver. A buffer overflow in the Webfind CGI program in O'Reilly WebSite
Professional web server 2.3.18 to 2.4.9 (inclusive) allows remote attackers to execute arbitrary commands as root via a
URL containing a long "keywords" parameter.
Signature ID: 232
WEBgais Remote Command Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-1999-0176 Bugtraq: 2058 Nessus: 10300
Signature Description: The Common Gateway Interface (CGI) is a standard protocol for interfacing external
application software with an information server, commonly a web server. WEBgais is a script that provides a web