TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
FastCGI is vulnerable to cross-site scripting. This rule generates an event when an attacker sends the fcgi-bin/echo.exe
pattern to the HTTP server.
Signature ID: 375
FastCGI Echo2.exe Cross Site Scripting vulnerability
Threat Level: Information
Nessus: 10838
Signature Description: FastCGI is an open extension to CGI that provides high performance without the limitations of
server-specific APIs, and is included in the default installation of the Oracle9i Application Server. Various other web
servers support the FastCGI extensions. Two sample CGIs are installed with FastCGI (echo.exe and echo2.exe under
Windows). Both of these CGIs output a list of environment variables and path information for various applications.
FastCGI is vulnerable to cross-site scripting. This rule generates an event when an attacker sends the echo2.exe? pattern to
the HTTP server.
Signature ID: 376
Apache Remote Command Execution via .bat files vulnerability
Threat Level: Information
Industry ID: CVE-2002-0061 Bugtraq: 4335 Nessus: 10938
Signature Description: The Apache HTTP Server is a freely available web server that runs on a variety of operating
systems including Unix, Linux, and Microsoft Windows. Apache supports the Common Gateway Interface (CGI) that
defines a standard interface between the HTTP server and external applications. Apache HTTP Server 1.3.9 is
vulnerable. If a remote attacker sends a request for a .bat or .cmd DOS batch file appended with the pipe character "|"
followed by arbitrary commands, the attacker could use the cmd.exe shell interpreter to execute arbitrary commands on
the vulnerable system. This vulnerability is fixed in version 1.3.24. Administrators are advised to update to version 1.3.24 or
later to resolve this vulnerability.
Signature ID: 377
Nethief Virus/Trojan vulnerability
Threat Level: Information
Signature Description: Trojan horses are malicious programs that an attacker usually binds to some other
application or process, such as greeting cards or games. When the user opens or triggers it, the malicious program
installs itself on the user's computer and tries to silently open a backdoor, giving the attacker a way to take full
control of the user's system and exploit the user. This trojan copies itself with the name IEXPLORER.EXE (the real one is
IEXPLORE.EXE), and seems to be using it as the USER-AGENT. The trojan (apparently) targets only Win32
operating systems.
Signature ID: 378
Directory.php Shell Command Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2002-0434 Bugtraq: 4278 Nessus: 11017
Signature Description: The directory.php script provides a web interface for directory listings, similar to the 'ls'
command. Xenakis directory.php is vulnerable to shell command execution. This vulnerability is due to insufficient
sanitization of user-supplied metacharacters such as ";" or "|" in the script's input. No remedy is available as of
September 13, 2008.
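Added example (not part of the reference guide and not the module's own rule logic): a Python check that looks for the request patterns described for signatures 375, 376 and 378 in HTTP request lines, decoding percent-escapes and folding case before matching. The sample request lines, the dir parameter name and the COMMAND placeholder are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

BATCH_EXT = re.compile(r"\.(bat|cmd)$")

def match_signatures(request_line):
    """Return the signature IDs (375, 376, 378) whose described request
    pattern appears in one HTTP request line. Approximation for illustration."""
    parts = request_line.split()
    if len(parts) != 3:
        return []                      # malformed line: nothing to inspect
    target = parts[1]
    split = urlsplit(target)
    # Decode once and fold case so %7C and ECHO2.EXE match like | and echo2.exe.
    path = unquote(split.path).lower()
    query = unquote(split.query)
    hits = []
    if path.endswith("/echo2.exe") and "?" in target:
        hits.append(375)               # FastCGI echo2.exe sample CGI requested
    if BATCH_EXT.search(path) and "|" in query:
        hits.append(376)               # batch file request followed by a pipe
    if path.endswith("/directory.php") and re.search(r"[;|]", query):
        hits.append(378)               # shell metacharacter in script input
    return hits

# Constructed request lines (not captured traffic); COMMAND is a placeholder
# and "dir" is a hypothetical parameter name.
SAMPLES = [
    "GET /fcgi-bin/echo2.exe?x=1 HTTP/1.0",
    "GET /cgi-bin/sample.bat?%7CCOMMAND HTTP/1.0",
    "GET /cgi-bin/SAMPLE.CMD?|COMMAND HTTP/1.0",
    "GET /directory.php?dir=/tmp%3BCOMMAND HTTP/1.0",
    "GET /directory.php?dir=/tmp HTTP/1.0",
    "GET /index.html HTTP/1.0",
]

def scan(lines):
    """Map each request line to its matched signature IDs, skipping clean ones."""
    return {line: ids for line in lines if (ids := match_signatures(line))}

if __name__ == "__main__":
    for line, ids in scan(SAMPLES).items():
        print(ids, line)
```

The second and fourth sample lines carry the metacharacter percent-encoded, which a literal string match on the raw request line would not flag.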
Signature ID: 379
Php POST file uploads vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0081 Bugtraq: 4183 Nessus: 10867