TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 30064
Oracle Application Server Forms Command Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-2372
Bugtraq: 14319
Signature Description: Oracle Forms Services is a framework based upon application server technology that has been
optimized to deploy Oracle Forms applications in a multi-tiered environment. Oracle Forms Service versions 4.5, 5.0,
6.0, 6i, 9i, and 10g could allow a remote attacker to execute arbitrary Oracle Form Files on the system. Oracle Forms
Services starts forms executables (*.fmx) from any directory and any user on the application server. An attacker can
upload a form executable via WebDAV. The attacker could then send a specially crafted form or module parameter to
cause the server to execute the malicious file on the targeted user's system. The file will be executed with Oracle user
privileges on a Unix operating system and with SYSTEM privileges on a Windows-based system. No patch
information is available, but some workarounds are suggested. This signature detects traffic that can trigger the
vulnerability on TCP port 8889.

Signature ID: 30065
Oracle Application Server Forms Command Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-2372
Bugtraq: 14319
Signature Description: Oracle Forms Services is a framework based upon application server technology that has been
optimized to deploy Oracle Forms applications in a multi-tiered environment. Oracle Forms Service versions 4.5, 5.0,
6.0, 6i, 9i, and 10g could allow a remote attacker to execute arbitrary Oracle Form Files on the system. Oracle Forms
Services starts forms executables (*.fmx) from any directory and any user on the application server. An attacker can
upload a form executable via WebDAV. The attacker could then send a specially crafted form or module parameter to
cause the server to execute the malicious file on the targeted user's system. The file will be executed with Oracle user
privileges on a Unix operating system and with SYSTEM privileges on a Windows-based system. No patch
information is available, but some workarounds are suggested. This signature detects traffic that can trigger the
vulnerability on TCP port 9000.

Signature ID: 30066
Oracle Reports Server Unauthorized Report Execution Vulnerability
Threat Level: Warning
Bugtraq: 14316
Signature Description: Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and
inserts it into a formatted report. Oracle Reports Service 6.0, 6i, 9i and 10g could allow a remote attacker to execute
an arbitrary Oracle report on the system. Oracle Reports starts reports executables (*.rep or *.rdf) from any directory and
any user on the application server. An attacker can upload a report executable via WebDAV. The attacker could then
send a specially crafted report parameter to cause the server to execute the malicious file on the targeted user's
system. The file will be executed with Oracle user privileges on a Unix operating system and with SYSTEM privileges
on a Windows-based system. No patch information is available, but some workarounds are suggested. Allowing only
trusted users access to Oracle Reports may reduce the chances of exploitation. This signature detects attack traffic on
TCP port 7779.

Signature ID: 30067
Oracle Reports Server Unauthorized Report Execution Vulnerability
Threat Level: Warning
Bugtraq: 14316
Signature Description: Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and
inserts it into a formatted report. Oracle Reports Service 6.0, 6i, 9i and 10g could allow a remote attacker to execute
an arbitrary Oracle report on the system. Oracle Reports starts reports executables (*.rep or *.rdf) from any directory and