ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

vulnerability allows an attacker to access sensitive information on the vulnerable system. This signature specifically
detects the "pwdump3.exe" pattern in traffic sent to the HTTP server.
Signature ID: 401
Apache Web Server Chunked Transfer Encoding Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2002-0392 Bugtraq: 5033 Nessus: 11030,12305
Signature Description: Apache is a web server that includes support for chunked transfer encoding according to the
HTTP 1.1 standard. With chunked transfer encoding, a sender can split the message body into chunks of arbitrary length
and send them separately. Apache HTTP Server versions 1.2.2 and later, 1.3 up to and including 1.3.24, and 2.0 up to
and including 2.0.36 are vulnerable to a heap buffer overflow in the handling of certain chunk-encoded
HTTP requests. A crafted HTTP request with a chunk length greater than 0x7fffffff, sent
to a vulnerable Apache server, may crash the server or allow execution of arbitrary code. Upgrade to the latest version
of Apache HTTP Server. Several operating systems that ship Apache are also vulnerable; their respective vendors have
released patches for this issue.
Signature ID: 402
Chunked encoding Handling Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0079 CVE-2002-0071 CVE-2002-0392 Bugtraq: 4485,4474,5033 Nessus:
11030,10935,10932,10943,12305
Signature Description: Chunked Transfer Encoding is one of many ways in which an HTTP server may transmit data
to its clients. Normally, data delivered in HTTP responses is sent in one piece, whose length is indicated by the
Content-Length header field. The length of the data is important, because the client needs to know where the response
ends and any following response starts. With chunked encoding, however, the data is broken up into a series of blocks
and transmitted in one or more 'chunks', so that a server may start sending data before it knows the final size of
the content that it is sending. IIS is a set of Internet-based services produced by Microsoft for servers using Microsoft
Windows. The Apache HTTP Server is a web server developed and maintained by an open community of developers
under the auspices of the Apache Software Foundation. Apache Web Server versions 1.2.x to 2.0.36 (inclusive) contain
a flaw that allows a remote attacker to execute arbitrary code. The issue is due to the mechanism that calculates the size
of "chunked" encoding not properly interpreting the buffer size of data being transferred. By sending a specially crafted
chunk of data, an attacker can possibly execute arbitrary code or crash the server. Microsoft Internet Information Server
(IIS) versions 4.0 and 5.0 are vulnerable to a heap-based buffer overflow in the function that enables the chunked
encoding data transfer mechanism, which is part of the ISAPI (Internet Services Application Programming Interface)
extension that implements Active Server Pages (ASP). By sending a specially crafted chunk of data that causes an
incorrect buffer size to be allocated, a remote attacker could overflow a buffer and execute arbitrary code on the system
or cause the IIS service to fail.
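Added example, not part of the guide and not the TMS zl signature logic: a Python check over one reassembled HTTP request that walks the chunk-size lines described under Signatures 401 and 402 and reports a size above 0x7fffffff or a malformed size line. The function name, the sample requests and the host name are constructed for illustration.

```python
import re

MAX_CHUNK = 0x7FFFFFFF  # threshold named in the Signature 401 description
# chunk-size line: hex digits, optional chunk extension after ';'
_SIZE_LINE = re.compile(rb"^[ \t]*([0-9A-Fa-f]+)[ \t]*(?:;.*)?$")

def inspect_chunked_request(raw: bytes) -> list[str]:
    """Return findings for one reassembled HTTP request (hypothetical helper)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return []  # headers incomplete, nothing to inspect yet
    headers = [h.lower() for h in head.split(b"\r\n")[1:]]
    if not any(h.startswith(b"transfer-encoding:") and b"chunked" in h
               for h in headers):
        return []  # body is not chunk-encoded
    findings, pos = [], 0
    while pos < len(body):
        eol = body.find(b"\r\n", pos)
        if eol == -1:
            findings.append("truncated chunk-size line")
            break
        m = _SIZE_LINE.match(body[pos:eol])
        if not m:
            findings.append(f"malformed chunk-size line at body offset {pos}")
            break
        size = int(m.group(1), 16)
        if size > MAX_CHUNK:
            findings.append(f"chunk size 0x{size:x} exceeds 0x7fffffff")
            break
        if size == 0:
            break  # last chunk; only trailers follow
        # Skip the chunk data and its trailing CRLF. If the declared size
        # runs past the captured bytes, the loop simply ends.
        pos = eol + 2 + size + 2
    return findings

# Constructed sample requests (not captured traffic).
_HDR = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
        b"Transfer-Encoding: chunked\r\n\r\n")
BENIGN = _HDR + b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n"
OVERSIZED = _HDR + b"ffffffff\r\n"

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(name, inspect_chunked_request(req))
```

The check assumes the TCP stream has already been reassembled; a size line split across segments would otherwise be reported as truncated.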
Signature ID: 403
BugZilla DoEditVotes.CGI Login Error Information Leak Vulnerability
Threat Level: Information
Industry ID: CVE-2002-0011 Bugtraq: 3800
Signature Description: Bugzilla is a bug-tracking database program developed by Mozilla for reporting and assigning
bugs. A vulnerability in the doeditvotes.cgi script in Bugzilla versions 2.14 and earlier could allow a remote attacker to
obtain sensitive information. When a bad login to doeditvotes.cgi occurs, sensitive information is disclosed to the user,
and that information could potentially be used for malicious purposes.