TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
576
link. Vulnerable platforms are Microsoft Windows XP Professional, Microsoft Windows XP Home, Microsoft
Windows XP 64-bit Edition.
Signature ID: 21129
Microsoft Windows DHTML Edit Control ActiveX Cross-Domain Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-1319
Bugtraq: 11950
Signature Description: The DHTML Editing Component ActiveX control provides an HTML editor, use to support
dynamic Web site HTML editing in software.A cross-domain vulnerability exists in the Microsoft Dynamic HTML
(DHTML) Editing Component ActiveX control.The vulnerability is caused due to an error in the DHTML Edit
ActiveX control when handling the "execScript()" function in certain situations. This can be exploited to execute
arbitrary script code in a user's browser session in context of an arbitrary site. When a webpage is requested and if the
webpage instructs to use DHTML Edit Control, it opens the page in the same domain as the host. When used with a
certain combination of script commands such as execScript function, the DHTML Editing Control can open the content
of an arbitrary web page in any domain, regardless of the domain of the host page. An attacker could exploit this
vulnerability by constructing a malicious web page that could potentially allow remote code execution if a user visited
that page. Microsoft Windows Systems are affected to this vulnerability.
Signature ID: 21131
HTTP SEARCH Method Use Vulnerability
Threat Level: Warning
Industry ID: CVE-2003-0226 Bugtraq: 7735
Signature Description: Microsoft Internet Information Services has been reported vulnerable to a denial of service. If
an attacker sends a Webdav request with a body over 49,153 bytes using the 'PROPFIND' or 'SEARCH' request
methods, and IIS will automatically restart and normal service will resume. All web server, email, and active ftp
connections will be terminated, along with a disruption of future sessions during the time it takes IIS to restart.
Signature ID: 21132
Long URI with HTTP SEARCH Method Vulnerability
Threat Level: Severe
Industry ID: CVE-2003-0226 Bugtraq: 7735
Signature Description: The Method field in HTTP indicates the method to be performed on the object identified by the
URL. There are many well-known METHODS that HTTP uses very frequently, like GET, POST etc. There is a new
method called SEARCH, which is used to search text in the server side response. The use of this method is not very
common and there have been vulnerabilities reported in MS IIS 5.0 with this method. When WebDAV receives
excessively long requests to the 'PROPFIND' or 'SEARCH' variables, the IIS service will fail. All current web, FTP,
and email sessions will be terminated. IIS will automatically restart and normal service will resume. The effect of an
attack via this vulnerability would only last as long as a continuous stream of requests was directed at an affected
server, after which point normal service would automatically resume.
Signature ID: 21133
Microsoft IIS WebDAV SEARCH Method DoS Vulnerability
Threat Level: Critical
Industry ID: CVE-2003-0226 Bugtraq: 7735
Signature Description: The Method field in HTTP indicates the method to be performed on the object identified by the
URL. There are many well-known METHODS that HTTP uses very frequently, like GET, POST etc. There is a new
method called SEARCH, which is used to search text in the server side response. The use of this method is not very
common and there have been vulnerabilities reported in MS IIS 5.0 with this method. When WebDAV receives