TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

can exploit this vulnerability by sending a specially crafted ClientHello message that contains a long list of cipher
codes to the target server. Successful exploitation would allow for executing arbitrary code with the privileges of the
application using the OpenSSL library. Upgrade to the latest version of OpenSSL (0.9.7l or 0.9.8d or later). Most
vendors that use the vulnerable OpenSSL have also released patches.
Signature ID: 30081
Chargen DoS Attempt
Threat Level: Severe
Signature Description: This signature fires when a UDP packet is detected with a source port of 7 and a destination
port of 19. An attacker can use spoofed packets to make the chargen (port 19) and echo (port 7) services send data
to each other. This causes an infinite loop and results in a denial of service. The attack can consume
increasing amounts of network bandwidth, causing loss of performance or a total shutdown of the affected network
segments.
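The match condition described for this signature can be expressed over raw IPv4 packets as follows. This is an added example, not the TMS zl module's own signature code; the function names and the sample packets are constructed for illustration.

```python
import struct

ECHO_PORT = 7       # source port named in the signature description
CHARGEN_PORT = 19   # destination port named in the signature description
IPPROTO_UDP = 17


def udp_ports(packet: bytes):
    """Return (src_port, dst_port) for an IPv4/UDP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # too short, or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # header length varies with IP options
    if ihl < 20 or len(packet) < ihl + 8:
        return None                      # malformed header or truncated UDP header
    if packet[9] != IPPROTO_UDP:
        return None                      # same bytes in a TCP segment must not match
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                      # non-first fragment carries no UDP header
    return struct.unpack("!HH", packet[ihl:ihl + 4])


def is_chargen_dos(packet: bytes) -> bool:
    """True when the packet matches the condition described for signature 30081."""
    return udp_ports(packet) == (ECHO_PORT, CHARGEN_PORT)


def build_packet(src_port, dst_port, proto=IPPROTO_UDP, options=b"", frag=0):
    """Construct a sample IPv4 packet (checksums left at zero, not validated here)."""
    payload = b"x"
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    ihl_words = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0,
                     ihl_words * 4 + len(udp), 0, frag, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + options + udp


# Constructed sample traffic (documentation addresses from 192.0.2.0/24).
SAMPLES = {
    "echo->chargen": build_packet(7, 19),
    "echo->chargen with IP options": build_packet(7, 19, options=b"\x01" * 4),
    "chargen->echo (reverse)": build_packet(19, 7),
    "tcp with same port bytes": build_packet(7, 19, proto=6),
    "non-first fragment": build_packet(7, 19, frag=1),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:32} {'ALERT' if is_chargen_dos(pkt) else 'ok'}")
```

Reading the ports at the offset given by the IP header length field, rather than at a fixed offset of 20 bytes, keeps the check correct when IP options are present.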
Signature ID: 30082
IBM WebSphere Application Server Administration Console Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1872 Bugtraq: 13853
Signature Description: IBM WebSphere Application Server is a Java-based software application server. A buffer
overflow vulnerability exists in IBM WebSphere Application Server version 5.0 due to improper boundary checking of
user-supplied input in the authentication mechanism of the Administrative Console. If the global security option is
enabled, a remote attacker could use this vulnerability to overflow a buffer and execute arbitrary code on the system.
The vulnerable Administration Console uses ports 9080/TCP (HTTP), 9090/TCP (HTTP) and 9043/TCP (HTTPS). Apply
the WebSphere Application Server 5.0.2 Cumulative Fix 11 that is available from IBM. This signature triggers on
TCP port 9080.
Signature ID: 30083
IBM WebSphere Application Server Administration Console Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1872 Bugtraq: 13853
Signature Description: IBM WebSphere Application Server is a Java-based software application server. A buffer
overflow vulnerability exists in IBM WebSphere Application Server version 5.0 due to improper boundary checking of
user-supplied input in the authentication mechanism of the Administrative Console. If the global security option is
enabled, a remote attacker could use this vulnerability to overflow a buffer and execute arbitrary code on the system.
The vulnerable Administration Console uses ports 9080/TCP (HTTP), 9090/TCP (HTTP) and 9043/TCP (HTTPS). Apply
the WebSphere Application Server 5.0.2 Cumulative Fix 11 that is available from IBM. This signature triggers on
TCP port 9090.
Signature ID: 30084
OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-3738 CVE-2007-5135 Bugtraq: 20249
Signature Description: OpenSSL is an open source implementation of the SSL protocol. A remotely exploitable buffer
overflow vulnerability exists in OpenSSL versions 0.9.7-0.9.8. The vulnerability specifically exists in the
SSL_Get_Shared_Ciphers function, which extracts the cipher codes from the ClientHello message. A remote attacker
can exploit this vulnerability by sending a specially crafted ClientHello message that contains a long list of cipher
codes to the target server. Successful exploitation would allow for executing arbitrary code with the privileges of the
application using the OpenSSL library. Upgrade to the latest version of OpenSSL (0.9.7l or 0.9.8d or later). Most
vendors that use the vulnerable OpenSSL have also released patches. This rule looks for the attack pattern on
destination port 993.