TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
47
Signature ID: 258
Oracle 9iAS Dynamic Monitoring Services vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0563
Bugtraq: 4293 Nessus: 10848
Signature Description: The Oracle Application Server is a platform for developing, deploying, and integrating
enterprise applications. This software is produced and marketed by Oracle Corporation. Oracle 9i Application
Server(9iAS) comes with an Apache-based web server and support for environments such as SOAP, PL/SQL, XSQL
and JSP. In Oracle 9i Application Server, if the default settings are used, remote unauthenticated attackers can directly
accesses the Apache HTTP server Dynamic Monitoring Services, which will disclose sensitive information about the
server, resulting in a loss of confidentiality. Information obtained by attacker can then be used in further attacks.
Signature ID: 259
Oracle 9iAS XSQLConfig.xml File disclosure vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0568 CVE-2002-0568 Bugtraq: 4290 Nessus: 10855,11224
Signature Description: The Oracle Application Server is a platform for developing, deploying, and integrating
enterprise applications. This software is produced and marketed by Oracle Corporation. Oracle 9iAS includes a
configuration file called ‘XSQLConfig.xml’ . The configuration file contains sensitive information such
as database user names and passwords. If default configuration is used, this file is accessible to remote clients without
any authentication. It is possible for malicious users to access and read the file through a virtual directory. Information
obtained by attacker can then be used in further attacks.
Signature ID: 260
MS Site Server Information disclosure vulnerability
Threat Level: Warning
Industry ID: CVE-2002-1769 Bugtraq: 3998 Nessus: 11018
Signature Description: Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It
provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commerce
Edition incorporates the same features as well as providing an interface for e-commerce sites to interact and conduct
business with customers and suppliers. Microsoft Site Server 3.0 prior to SP4 has a default user called
‘LDAP_Anonymous’ with a default password as ‘LdapPassword_1’. This user account is
added to the 'Guests' group, and is given the 'Log on locally' privilege. Using this account, an attacker can gain access
to sensitive information on the host. This information can be used in subsequent attacks. This signature detects access
to ‘persmbr/’ directory.
Signature ID: 261
MS Site Server Information disclosure vulnerability
Threat Level: Warning
Industry ID: CVE-2002-1769
Bugtraq: 3998 Nessus: 11018
Signature Description: Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It
provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commerce
Edition incorporates the same features as well as providing an interface for e-commerce sites to interact and conduct
business with customers and suppliers. Microsoft Site Server 3.0 prior to SP4 has a default user called
‘LDAP_Anonymous’ with a default password as ‘LdapPassword_1’. This user account is
added to the 'Guests' group, and is given the 'Log on locally' privilege. Using this account, an attacker can gain access
to sensitive information on the host. This information can be used in subsequent attacks. This signature detects access
to ‘persmbr/VsTmPr.asp’ file.