TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
Signature ID: 262
MS Site Server Information disclosure vulnerability
Threat Level: Warning
Industry ID: CVE-2002-1769 Bugtraq: 3998 Nessus: 11018
Signature Description: Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It
provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commerce
Edition incorporates the same features as well as providing an interface for e-commerce sites to interact and conduct
business with customers and suppliers. Microsoft Site Server 3.0 prior to SP4 has a default user called
‘LDAP_Anonymous’ with the default password ‘LdapPassword_1’. This user account is
added to the 'Guests' group and is given the 'Log on locally' privilege. Using this account, an attacker can gain access
to sensitive information on the host. This information can be used in subsequent attacks. This signature detects access
to the ‘persmbr/VsLsLpRd.asp’ file.
Signature ID: 263
MS Site Server Information disclosure vulnerability
Threat Level: Warning
Industry ID: CVE-2002-1769 Bugtraq: 3998 Nessus: 11018
Signature Description: Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It
provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commerce
Edition incorporates the same features as well as providing an interface for e-commerce sites to interact and conduct
business with customers and suppliers. Microsoft Site Server 3.0 prior to SP4 has a default user called
‘LDAP_Anonymous’ with the default password ‘LdapPassword_1’. This user account is
added to the 'Guests' group and is given the 'Log on locally' privilege. Using this account, an attacker can gain access
to sensitive information on the host. This information can be used in subsequent attacks. This signature detects access
to the ‘persmbr/VsPrAuoEd.asp’ file.
Signature ID: 264
Lotus Domino Banner Information Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0245 CVE-2002-0408 Bugtraq: 4049 Nessus: 11009
Signature Description: Lotus Domino is a server product that provides enterprise-grade e-mail and collaboration
capabilities from IBM. When a nonexistent Perl script is requested in Lotus Domino 5.0.9 and prior with
‘NoBanner’ set to 1, the server returns an error message (500) that discloses the physical path of the web
root and the server version information.
Signature ID: 265
IIS 404 error XSS vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0150 CVE-2002-0148 CVE-2002-0074 Bugtraq: 4476,4483,4486 Nessus: 10936
Signature Description: Microsoft Internet Information Server (IIS) is a popular web server package for Windows-based
platforms. In IIS 4.0, 5.0 and 5.1, a cross-site scripting vulnerability allows remote attackers to execute arbitrary scripts
via an HTTP error page. The default '404' error page returned by IIS uses scripting to output a link to the top-level domain
part of the requested URL. By crafting a special URL it is possible to insert arbitrary script into the page for execution.
The presence of this vulnerability also indicates the presence of multiple vulnerabilities as reported in Microsoft
security bulletin MS02-018 (various remote buffer overflow and cross site scripting attacks).