TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
triggers the overflow. Attackers can exploit this buffer overflow to cause a denial of service, or execute arbitrary code
on the vulnerable machine with the privileges of the victim.
Signature ID: 30095
Apache Tomcat Directory Listing Information Disclosure
Threat Level: Warning
Industry ID: CVE-2006-3835
Bugtraq: 19106
Signature Description: Apache Tomcat is a web container developed at the Apache Software Foundation and it is used
in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. Apache Tomcat could
disclose sensitive information. A remote attacker could send a specially-crafted URL request for a mapped file
prepended with a semicolon ' ; ' to obtain a directory listing. A remote attacker could exploit this vulnerability to obtain
sensitive information. Apache Tomcat versions 5.0.28, 5.5.12, 5.5.7, 5.5.9 are vulnerable. Upgrade to the latest version
of Apache (5.5.17 or later).
Signature ID: 30096
Sky Software FileView ActiveX Control Arbitrary Command Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-5198 CVE-2006-3890
Bugtraq: 21060,21108
Signature Description: The Sky Software FileView object is an ActiveX control that is provided with several
applications, such as WinZip. This ActiveX control contains several unsafe methods, but is marked "safe for scripting"
and "safe for initialization". For example, some of the methods of this ActiveX control allow an attacker to open, copy,
delete, or execute arbitrary files on the target computer. By convincing a user to view a specially crafted HTML
document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary
commands with the privileges of the user. An attacker may also be able to perform other file system activities, such as
copying or deleting files. This signature detects traffic using the vulnerable CLSID
'247D857F-1034-4AA6-BB1A-347D1A3340C8'.
Signature ID: 30097
Sky Software FileView ActiveX Control Arbitrary Command Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-5198 CVE-2006-3890
Bugtraq: 21060,21108
Signature Description: The Sky Software FileView object is an ActiveX control that is provided with several
applications, such as WinZip. This ActiveX control contains several unsafe methods, but is marked "safe for scripting"
and "safe for initialization". For example, some of the methods of this ActiveX control allow an attacker to open, copy,
delete, or execute arbitrary files on the target computer. By convincing a user to view a specially crafted HTML
document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary
commands with the privileges of the user. An attacker may also be able to perform other file system activities, such as
copying or deleting files. This signature detects traffic using the vulnerable CLSID
'551E5AC9-BDBD-48EC-8AE2-ECAF90C7A214'.
Signature ID: 30098
Sky Software FileView ActiveX Control Arbitrary Command Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-5198 CVE-2006-3890
Bugtraq: 21060,21108
Signature Description: The Sky Software FileView object is an ActiveX control that is provided with several
applications, such as WinZip. This ActiveX control contains several unsafe methods, but is marked "safe for scripting"
and "safe for initialization." For example, some of the methods of this ActiveX control allow an attacker to open, copy,
delete, or execute arbitrary files on the target computer. By convincing a user to view a specially crafted HTML
document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary