TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
is possible for a remote user to manipulate the contents of the '$DOCUMENT_URI' environment variable so that they will
be executed with the UID of the httpd process when parsed by the interpreter. A malicious user can therefore execute
arbitrary commands on the web server.
Signature ID: 330
ColdFusion fileexists.cfm file status information disclosure vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0923
Signature Description: ColdFusion is an application server and software development framework used for the
development of computer software in general, and dynamic web sites in particular. ColdFusion Server 4.0 contains a
flaw that allows a remote attacker to confirm the existence of any file on the server. The flaw is due to insufficient
checking of arguments passed to the fileexists.cfm script.
Signature ID: 331
ColdFusion sourcewindow.cfm arbitrary file disclosure vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0922
Bugtraq: 3154
Signature Description: ColdFusion is an application server and software development framework used for the
development of computer software in general, and dynamic web sites in particular. A vulnerability in ColdFusion
Server 4.0 sample program 'sourcewindow.cfm' could allow remote attackers to read any file on the system. An
attacker can use this information to make more focused attacks.
Signature ID: 332
ColdFusion viewexample.cfm arbitrary file disclosure vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0923
Signature Description: ColdFusion is an application server and software development framework used for the
development of computer software in general, and dynamic web sites in particular. ColdFusion Server 4.0 contains a
flaw that allows a remote attacker to gain sensitive information. The flaw is due to insufficient checking of arguments
passed to the 'viewexample.cfm' script. This could allow the attacker to view any file on the server. An attacker can use
this information to make more focused attacks.
Signature ID: 333
ColdFusion Syntax Checker DoS Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0924
Signature Description: ColdFusion is an application server and software development framework used for the
development of computer software in general, and dynamic web sites in particular. ColdFusion Server 4.0 contains a
flaw that allows a remote attacker to cause a denial of service. The flaw is due to insufficient checking of arguments
passed to the Syntax Checker program.
Signature ID: 334
Bnbform CGI File Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0937
Bugtraq: 2147
Signature Description: BNBForm is a form processing script by BigNoseBird. BNBForm supports automatic
form-to-email processing of user-submitted forms. A vulnerability in how this is implemented could allow a remote
attacker to receive arbitrary files from the vulnerable server. This signature triggers an alarm when any access to
bnbform.cgi is detected.