ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 335
BNB survey.cgi CGI arbitrary command execution Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0936 Bugtraq: 1817
Signature Description: The Common Gateway Interface (CGI) is a standard protocol for interfacing external
application software with an information server, commonly a web server. Big Nose Bird Survey.cgi is a free and simple
'Web Survey' program. Due to insufficient checking of arguments in BNBSurvey 1.0, shell metacharacters (such as the
pipe character '|' and the redirection characters '>' and '<') in user-supplied input are not filtered. This allows an attacker to
execute shell commands with the privileges of the web server.
Signature ID: 336
Multiple vulnerabilities in Classifieds.cgi CGI script
Threat Level: Warning
Industry ID: CVE-1999-0934 CVE-1999-0935 Bugtraq: 2020
Signature Description: Classifieds.cgi is a Perl script that is part of the classifieds package by Greg Matthews. This
CGI script provides management functionality for classified ads on web sites. Due to insufficient validation of user
input, an attacker can read arbitrary files and execute arbitrary commands with the privileges of the web server. One of
the vulnerable fields is the form field used for e-mail address details; the other is a hidden variable in a CGI
form.
Signature ID: 337
Counter.exe CGI DoS Vulnerability
Threat Level: Severe
Industry ID: CVE-1999-1030 Bugtraq: 267
Signature Description: The Common Gateway Interface (CGI) is a standard protocol for interfacing external
application software with an information server, commonly a web server. counter.exe is a web hit counter program. A
set of vulnerabilities in Behold! Software Web Page Counter 2.7 enables denial of service attacks. These are possible
due to insufficient input validation. This signature detects DoS attack attempts caused by a long URI string.
Signature ID: 340
Novell files.pl arbitrary file access vulnerability
Threat Level: Warning
Industry ID: CVE-1999-1081
Signature Description: NetWare is a network operating system developed by Novell, Inc. NetWare comes with a set of
services for the TCP/IP stack, one of which is a web server. The Common Gateway Interface (CGI) is a standard protocol
for interfacing external application software with an information server, commonly a web server. In Novell Web Server
1.0 Examples Toolkit, a vulnerability in the files.pl script allows a remote attacker to view the contents of any file or
directory on vulnerable servers with the privileges of the user owning the server process.
Signature ID: 341
View-Source CGI arbitrary file access vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0174 Bugtraq: 2251
Signature Description: The Common Gateway Interface (CGI) is a standard protocol for interfacing external
application software with an information server, commonly a web server. SCO Skunkware is a collection of Open
Source software projects ported, compiled, and packaged for free redistribution on SCO operating environments. The
'view-source' CGI script in SCO Skunkware 2.0 could allow a remote attacker to view files on the Web server. By
accessing the view-source script with specially formatted arguments, a remote attacker can view the contents of any file