ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature Description: The Post Office Protocol version 3 [POP3] is a very widely used protocol for email
communication. RFC 2449 specifies the command line limit of a POP3 command as 255 octets, including the terminating
CRLF. The IPS parses the traffic sent on the port assigned to POP3 and parses and buffers each command line for better
detection capability. This log is generated when the IPS finds a POP3 command line whose length exceeds 255 bytes, the limit
set by RFC 2449. Exceeding the limit may cause a buffer overflow in the target system.
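The length check described above, as an added example that is not part of the guide and is not the vendor's implementation: a buffering checker that applies the 255-octet limit to a POP3 command stream even when lines are split across TCP segments or never terminated. The names Pop3LineChecker, feed, scan and SAMPLE are hypothetical, and the sample stream is constructed.

```python
MAX_LINE = 255  # RFC 2449: octets per command line, terminating CRLF included

class Pop3LineChecker:
    """Buffers one direction of a POP3 stream and reports overlong command lines."""

    def __init__(self, limit=MAX_LINE):
        self.limit = limit
        self.buf = bytearray()  # bytes of the current, not yet terminated line
        self.alerted = False    # current line already reported

    def feed(self, segment):
        """Consume one TCP payload; return [(octets_seen, line_prefix), ...]."""
        alerts = []
        self.buf += segment
        while (end := self.buf.find(b"\r\n")) != -1:
            length = end + 2                      # count the CRLF too
            if length > self.limit and not self.alerted:
                alerts.append((length, bytes(self.buf[:16])))
            del self.buf[:length]
            self.alerted = False                  # next line starts clean
        # A line that never terminates is reported as soon as it passes the limit.
        if len(self.buf) > self.limit and not self.alerted:
            alerts.append((len(self.buf), bytes(self.buf[:16])))
            self.alerted = True
        if self.alerted:
            del self.buf[:-1]   # bound memory; keep 1 byte so a split CRLF still matches
        return alerts

def scan(segments):
    """Run every segment of one stream through a fresh checker."""
    checker = Pop3LineChecker()
    return [a for seg in segments for a in checker.feed(seg)]

# Constructed sample stream (not captured traffic); segment boundaries are arbitrary.
SAMPLE = [
    b"USER alice\r\nPA", b"SS secret\r\n",      # normal lines, one split across segments
    b"USER " + b"A" * 248 + b"\r\n",            # exactly 255 octets: allowed
    b"USER " + b"A" * 250 + b"\r\n",            # 257 octets: alert
    b"PASS " + b"B" * 300, b"B" * 500,          # unterminated: one alert, not two
    b"\r\nQUIT\r\n",
]

if __name__ == "__main__":
    for octets, prefix in scan(SAMPLE):
        print(f"POP3 command line too long: {octets} octets, starts {prefix!r}")
```

Discarding the body of a line that has already been reported keeps the buffer bounded, so an endless unterminated line cannot exhaust the checker's memory.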
Signature ID: 15005
IChat ROOMS Webserver file disclosure vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0897 Nessus: 10110
Signature Description: IChat servers up to version 3.00 allow any remote user to read arbitrary files on the target
system by sending the request ../../../../etc/passwd to the IChat server on port 4080. A successful attack may disclose
sensitive information from the vulnerable server.
Signature ID: 15006
LDAP allows null bases
Threat Level: Information
Nessus: 10722
Signature Description: Improperly configured LDAP servers will allow the directory BASE to be set to NULL. This
allows an attacker to collect information without any prior knowledge of the directory structure. Coupled with a NULL
BIND, an anonymous user can query your LDAP server using a tool such as LdapMiner.
Signature ID: 15007
Atrium Mercur Mailserver directory traversal attempt
Threat Level: Warning
Industry ID: CVE-2000-0318 Bugtraq: 1144 Nessus: 10382
Signature Description: Mercur Mailserver versions up to 3.20.02 allow an authorised user to view and modify some other
users' mail, and also allow access to system files on the server. This rule hits on an attempt to access
Mercur Mailserver version 3.20 or earlier. A logged-in user can view all the files and folders on the server by sending a pattern
like "../../".
Signature ID: 15008
McAfee myCIO Directory Traversal
Threat Level: Warning
Industry ID: CVE-2001-1144 Bugtraq: 3020 Nessus: 10706
Signature Description: A host that runs McAfee's myCIO HTTP Server is vulnerable to directory traversal. A
security vulnerability in the product allows attackers to traverse outside the normal HTTP root path, which exposes
sensitive files.
Signature ID: 15015
Sawmill Information leak vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0589 Bugtraq: 1403 Nessus: 10454
Signature Description: SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily
decrypt the password and modify the SawMill configuration. This rule detects any remote access to the password file of
SawMill 5.0.21.