TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 279
CVS Entries access misconfiguration vulnerability
Threat Level: Warning
Nessus: 10922
Signature Description: This signature detects access to the 'CVS/Entries' path. Access to this path exposes all file
names in the CVS module on the web server. This may give sensitive information to a malicious user, who can use
it to make more focused attacks to gain access to these files.
Signature ID: 280
IIS ASP.NET Application Trace log retrieval vulnerability
Threat Level: Warning
Nessus: 10993
Signature Description: Microsoft Internet Information Server (IIS) is a popular web server package for Windows-based
platforms. ASP.NET is a web application framework developed and marketed by Microsoft, which programmers can use
to build dynamic web sites, web applications and web services. This signature applies when the ASP.NET web
application running in the root directory of the web server has application tracing enabled. This allows an attacker
to view the last 50 web requests made to the web server, including sensitive information such as Session ID values
and the physical path to the requested file. An attacker can use this information to make more focused attacks.
Signature ID: 281
BroadVision One-To-One Enterprise Physical Path Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0031 Bugtraq: 2088 Nessus: 10686
Signature Description: BroadVision One-To-One Enterprise is a scalable e-business application platform.
BroadVision One-To-One Enterprise 1.0 allows remote attackers to determine the physical path of server files by
requesting a nonexistent '.JSP' file. An attacker can use this information to make more focused attacks.
Signature ID: 282
ASP.NET Cross Site Scripting Vulnerability
Threat Level: Warning
Industry ID: CVE-2003-0223 Bugtraq: 7731 Nessus: 10844
Signature Description: Microsoft Internet Information Server (IIS) is a popular web server package for Windows-based
platforms. ASP.NET is a web application framework developed and marketed by Microsoft, which programmers can use
to build dynamic web sites, web applications and web services. In Microsoft IIS 4.0 to 5.1 (inclusive), a cross-site
scripting (XSS) vulnerability in the ASP function responsible for redirection allows remote attackers to embed a URL
containing a client-side script. This script executes when the redirection message from the server is displayed.
Signature ID: 283
AlienForm CGI script vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0934 Bugtraq: 4983 Nessus: 11027
Signature Description: The Common Gateway Interface (CGI) is a standard protocol for interfacing external
application software with an information server, commonly a web server. AlienForm2 is an interface to the email
gateway written in Perl and is maintained by Jon Hedley. The CGI is typically installed as 'af.cgi' or 'alienform.cgi'. In
Jon Hedley AlienForm2 1.5, a directory traversal vulnerability allows remote attackers to read, modify, or create
arbitrary files via the '.|.%2F' character sequence in the _browser_out parameter or _out_file parameter. This signature
detects attacks on the 'af.cgi' program.