TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
43
interface to the "gais" (Global Area Intelligent Search) search engine tool developed by WebGAIS Development Team.
Due to improper input checking in WebGAIS 1.0 to 1.0 B2 (inclusive), '/cgi-bin/webgais' script allows a remote
attacker to execute commands at the privilege level of the web server. An attacker can execute commands using the ';'
character due to improper validation of 'query' argument before calling Perl "system" command. The specially crafted
attack packet must include the parameters output=subject and domain=paragraph.
Signature ID: 233
Websendmail Command execution vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0196
Bugtraq: 2077 Nessus: 10301
Signature Description: The Common Gateway Interface (CGI) is a standard protocol for interfacing external
application software with an information server, commonly a web server. WEBgais is a package that provides a web
interface to the "gais" (Global Area Intelligent Search) search engine tool developed by WebGAIS Development Team.
Due to improper input checking in WebGAIS 1.0 to 1.0 B2 (inclusive), 'websendmail' script allows a remote attacker to
execute commands at the privilege level of the web server. An attacker can execute commands in POST method
request using the ';' character, due to improper validation of 'receiver' argument before calling Perl "Open" command.
Signature ID: 234
Vulnerable WebSite pro can reveal the physical path of web directory
Threat Level: Warning
Industry ID: CVE-2000-0066 Bugtraq: 932 Nessus: 10303
Signature Description: A computer program that is responsible for accepting HTTP requests from clients and serving
them HTTP responses along with optional data contents is known as a webserver. The Common Gateway Interface
(CGI) is a standard protocol for interfacing external application software with an information server, commonly a web
server. O'Reilly's Website Pro is a web server. O'Reilly WebSite Professional web server 2.3.18 to 2.4.9 (inclusive)
allows remote attackers to determine the complete absolute directory of web directories via a malformed URL request.
This information is revealed in the HTTP 404 error response from the vulnerable server. This can give an attacker
valuable information which can be used in subsequent attacks.
Signature ID: 236
WebSpeed remote configuration vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0127 Bugtraq: 969 Nessus: 10304
Signature Description: Progress WebSpeed is an Internet Transaction Processing (ITP) web application which allows
for database connectivity and transaction management. The WEbSpeed WSISA Messenger Administration Utility is
remotely accessible from any web browser. In Progress WebSpeed 3.0, this utility displays sensitive web server
statistics and grants capabilities to administer certain functions of the web server, and can be accessed without any
authentication requirements whatsoever. This misconfiguration may lead to a hacker gaining complete control of the
website.
Signature ID: 237
Directory Traversal Vulnerabity in webspirs.cgi
Threat Level: Severe
Industry ID: CVE-2001-0211
Bugtraq: 2362 Nessus: 10616
Signature Description: SilverPlatter ERL is system for providing hard disk access to electronic reference library
databases via the Data Exchange Protocol (DXP). the electronic reference library SilverPlatter WebSPIRS is
SilverPlatter's most popular search interface. In SilverPlatter WebSPIRS 3.3.1, a remote attacker can gain read access
to known files outside the directory where SilverPlatter WebSPIRS resides. Requesting a specially crafted URL with
the sp.nextform parameter containing '../' character sequence along with the known file name will disclose the contents
of the requested file. This can give an attacker valuable information which can be used in subsequent attacks.