ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 364
URI Self-Reference Directory vulnerability
Threat Level: Information
Nessus: 11007
Signature Description: This is an anti-IPS evasion technique. A newer trick in the 'directory games' category is the
self-referencing directory. While '..' means the parent directory, '.' means the current directory, so "c:\temp\.\.\.\.\.\" is
equivalent to "c:\temp\". To stop a raw IDS from matching signatures like "/cgi-bin/phf", an attacker can
change the string to "/./cgi-bin/./phf". This rule hits when the system detects an HTTP request that uses the above-mentioned trick.
Signature ID: 365
Long HTTP Request Line Detected vulnerability
Threat Level: Information
Signature Description: This rule is triggered when a URL longer than the configured value is detected. Under
normal conditions, a URL of such length is rarely sent, so its presence is suspicious. A very long HTTP
request line may cause a buffer overflow in the remote HTTP server, which an attacker may use to execute
arbitrary code on the host.
Signature ID: 366
Premature URL request vulnerability
Threat Level: Information
Signature Description: This rule triggers when a user sends \r and \n characters in encoded form. The actual
URL is sent after the encoded \r and \n characters. A remote attacker could exploit this vulnerability to execute
arbitrary commands on the system.
Signature ID: 367
HTTP Large Cookie Field Received vulnerability
Threat Level: Critical
Signature Description: The Hypertext Transfer Protocol (HTTP) is an application-level protocol for
distributed, collaborative, hypermedia information systems. An HTTP request carries many header fields, and
buffer overflows have been reported as possible in any of them. This rule triggers when the cookie field data
exceeds 6K bytes.
Signature ID: 368
GET or HEAD HTTP Request Packet with Data in Message Body vulnerability
Threat Level: Critical
Signature Description: This rule triggers when an attempt is made to send data in the message body (data portion) of
an HTTP request that uses the GET or HEAD method. With either of these methods, data is
usually sent as part of the URL, so content observed in the data portion can be treated as an anomaly. But RFC doesn't
say anything about sending data as part of message body in a HTTP request when GET or HEAD method is used.
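The checks behind signatures 364 to 368, sketched as an added Python example (not ProCurve's implementation and not code from this guide). The names `check_request` and `normalize_path` and the 2048-byte request-line limit are assumptions, and "6K bytes" is read as 6144.

```python
# Added example: heuristic re-implementation of the checks in signatures 364-368.
# Thresholds are assumptions, not values taken from the TMS zl module.
import re

MAX_REQUEST_LINE = 2048      # assumed stand-in for the "configured value" (365)
MAX_COOKIE_BYTES = 6 * 1024  # "6K bytes" from signature 367, read as 6144

def check_request(raw: bytes) -> set:
    """Return the signature IDs (364-368) that a raw HTTP request would hit."""
    hits = set()
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    method = parts[0].upper()
    uri = parts[1] if len(parts) > 1 else b""
    path = uri.split(b"?", 1)[0]
    # 364: a "." path segment, e.g. /./cgi-bin/./phf
    if b"." in path.split(b"/"):
        hits.add(364)
    # 365: request line longer than the configured limit
    if len(lines[0]) > MAX_REQUEST_LINE:
        hits.add(365)
    # 366: percent-encoded CR (%0d) or LF (%0a) inside the URI
    if re.search(rb"%0[dDaA]", uri):
        hits.add(366)
    # 367: oversized Cookie header value
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"cookie" and len(value.strip()) > MAX_COOKIE_BYTES:
            hits.add(367)
    # 368: GET or HEAD request carrying a message body
    if method in (b"GET", b"HEAD") and body:
        hits.add(368)
    return hits

def normalize_path(path: str) -> str:
    """Drop "." and empty segments so /./cgi-bin/./phf matches /cgi-bin/phf."""
    segments = [s for s in path.split("/") if s not in ("", ".")]
    return "/" + "/".join(segments)

# Constructed sample requests (not captured traffic).
SAMPLES = [
    b"GET /./cgi-bin/./phf HTTP/1.0\r\n\r\n",
    b"GET /a HTTP/1.1\r\nContent-Length: 3\r\n\r\nabc",
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(sorted(check_request(s)), s[:40])
```

Running signature matching on the output of `normalize_path` rather than on the raw URI is what defeats the self-reference trick; the 364 check only reports that the trick was attempted.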
Signature ID: 369
HTTP URI Invalid UTF 16 Encoding vulnerability
Threat Level: Information
Signature Description: Unicode was introduced to represent characters beyond ASCII, and it allows
character values far beyond the ASCII range (256). There are many encoding schemes for representing
Unicode code points, and UTF-16 is one of them. UTF-16 encodes each Unicode character using either one or two 16-bit words (i.e.
two or four bytes), depending on the code point of the character. Unicode assigns each character a code point between
U+000000 and U+10FFFF. Depending upon the language and Unicode page, different codes can mean different