TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
483
the affected system. Successful exploitation of this issue will allow a malicious user to execute arbitrary commands on
the affected system through /plugins/framework/script/tree.xms on WriteToFile pattern.
Signature ID: 12319
HP Web Jetadmin Printer Firmware Update Script Arbitrary File Upload Weakness
Threat Level: Information
Industry ID: CVE-2004-1856 Bugtraq: 9971,9979
Signature Description: HP JetAdmin software manages HP JetDirect-connected printers using a Web browser.
JetAdmin version 7.5.2546 and possibly other versions could allow a remote authenticated attacker to upload malicious
files to the system. If the password for HP JetAdmin has not been set, a remote attacker could use the
/plugins/hpjwja/script/devices_update_printer_fw_upload.hts script to upload an arbitrary file to the
/plugins/hpjwja/firmware/printer/ directory.
Signature ID: 12320
HP Web JetAdmin setinfo.hts directory traversal
Threat Level: Information
Industry ID: CVE-2004-1857 Bugtraq: 9972
Signature Description: HP JetAdmin software manages HP JetDirect-connected printers using a Web browser.
JetAdmin version 7.5.2546 and possibly other versions could allow a remote authenticated attacker to traverse
directories on the Web server and view and execute files. A remote authenticated attacker could create a specially-
crafted URL request to the setinfo.hts script containing "dot dot" sequences (../) to traverse directories and view
arbitrary files outside of the Web root directory and execute arbitrary HTS files on the system.
Signature ID: 12321
Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
Threat Level: Information
Signature Description: The implementation of the Remote Data Protocol (RDP) in the terminal service in Windows NT
4.0 and Windows 2000 does not correctly handle a particular series of data packets. If such a series of packets were
received by an affected server, it would cause the server to fail. The server could be put back into normal service by
rebooting it, but any work in progress at the time of the attack would be lost. It would not be necessary for an attacker
to be able to start a session with an affected server in order to exploit this vulnerability - the only prerequisite is to be
able to send the correct series of packets to the RDP port on the server.
Signature ID: 12323
Microsoft Windows Terminal Server Service DoS Vulnerability
Threat Level: Information
Industry ID: CVE-2001-0540 Bugtraq: 3099
Signature Description: The Windows 2000 Terminal Service and Windows NT 4.0 Terminal Server Edition contains a
memory leak in one of the functions that processes incoming Remote Data Protocol (RDP) data via port 3389. Each
time a RDP packet containing a specific type that is malfored is processed, the memory leak depletes overall server
memory by a small amount. If an attacker sent a sufficiently large quantity of such data to an affected machine, he
could deplete the machine's memory to the point where response time would be slowed or the machine's ability to
respond would be stopped altogether. All system services would be affected, including but not limited to terminal
services. Normal operation could be restored by rebooting the machine.
Signature ID: 12324
Microsoft PPTP Start Control Request buffer overflow attempt
Threat Level: Information
Industry ID: CVE-2002-1214
Bugtraq: 5807