TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
677
character at the end. The vendor has issued a fix in the version 3.1.18. This signature triggers when pattern comes like
"\x2e\x2e".
Signature ID: 30171
Barracuda Spam Firewall IMG.PL Directory Traversal and Remote Code Execution
Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-2847
CVE-2005-2848 Bugtraq: 14712,14710
Signature Description: Barracuda Spam Firewall is a hardware and software solution to protect email servers.
Barracuda Spam Firewall firmware 3.1.17 and prior versions are prone to a remote arbitrary command execution
vulnerability. The '/cgi-bin/img.pl' script does not properly validate user-supplied input in the 'f' parameter. A remote
user can supply a specially crafted parameter value containing '../' directory traversal characters to view files on the
target system. A remote user can also exploit this flaw to execute arbitrary commands on the target system by using a '|'
character at the end. The vendor has issued a fix in the version 3.1.18. This signature triggers when pattern comes like
"%2e%2e".
Signature ID: 30172
HTTP Request with Large Host Field Value
Threat Level: Severe
Industry ID: CVE-2005-4085 CVE-2006-4509 Bugtraq: 16147,20663
Signature Description: The Host request-header field specifies the Internet host and port number of the resource being
requested. A client must include a Host header field in all HTTP/1.1 request messages. Usually this field occupy few
number of characters. If a request comes including a Host field with a large string, it can be treated as suspicious.
BlueCoat WinProxy is an Internet sharing proxy server designed for small to medium businesses. WinProxy version
6.0 is vulnerable to this kind of attack. By sending an overly long Host header to the Web proxy service, a remote
attacker could overflow a buffer and execute arbitrary code on the system. Upgrade to the version 6.1a or later.
Signature ID: 30174
Microsoft Front Page Server Extensions Visual Studio RAD Support Buffer Overflow
Vulnerability
Threat Level: Critical
Industry ID: CVE-2001-0341
Bugtraq: 2906 Nessus: 10699
Signature Description: Microsoft FrontPage is a HTML editor and web site administration tool from Microsoft for
Windows. Front Page Server Extensions allows Microsoft FrontPage clients to communicate with web servers, and
provide additional functionality intended for websites. Microsoft FrontPage Server Extensions (FPSE) for Windows
NT and Windows 2000 is vulnerable to a buffer overflow in the Visual Studio RAD (Remote Application Deployment)
Support sub-component. FrontPage Server Extensions are used in Microsoft Internet Information Server (IIS) versions
4.0 and 5.0. The DLL fp30reg.dll in FPSE when receives a URL request that is longer than 258 bytes, a stack based
buffer overflow will occur. An attacker could exploit this vulnerability to execute arbitrary code on the system and
possibly gain complete control over the affected Web server. Apply the appropriate patch for your system, as listed in
Microsoft Security Bulletin MS03-051.
Signature ID: 30175
IA Webmail Server GET Request Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2003-1192
Bugtraq: 8965
Signature Description: IA WebMail Server is an email server for Microsoft Windows operating systems. IA WebMail
Server version 3.1.0 and possibly earlier versions are vulnerable to a buffer overflow. A remote attacker can send a
long HTTP GET request to overflow a buffer and execute arbitrary code on the system. Vendor hasn't issued any