Manualshelf

TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
71727374757677787980
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
72
Signature ID: 404
Microsoft IIS HTR ISAPI Extension Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0071 Bugtraq: 4474 Nessus: 10932,10943
Signature Description: HTR is a server-side scripting technology for IIS which has largely been supplanted by ASP.
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0
and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable
names, which permits the attacker to access with the privileges of the IWAM_computername account.
Signature ID: 409
Microsoft IIS Front Page Server Extension DoS Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0096 Bugtraq: 2144 Nessus: 10585
Signature Description: Microsoft IIS ships with Front Page Server Extensions (FPSE) which enables administrators
remote and local web page and content management. Browse-time support is another feature within FPSE which
provides users with functional web applications. It is vulnerable to remote denial of service attack usually called the
'malformed web submission' vulnerability. By supplying malformed data to one of the FPSE functions IIS will stop
responding. A restart of the service is required in order to gain normal functionality.
Signature ID: 410
AnalogX Web server Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0011 CVE-2000-0243 Bugtraq: 906,1076 Nessus: 10366
Signature Description: AnalogX SimpleServer:WWW is designed to be a simple web server for use with Microsoft
Windows operating environments. A remote attacker is able to connect to SimpleServer via telnet and makes an invalid
request to the server. Making a request consisting of about 640 '\x40' characters will cause the web server to crash. This
condition will cause the web server to crash and potentially lead to a buffer overflow condition. The vulnerable version
is AnalogX SimpleServer:WWW 1.16.0.
Signature ID: 412
Xylogics Annex Terminal Server DoS vulnerability
Threat Level: Warning
Industry ID: CVE-1999-1070
Nessus: 10017
Signature Description: Bay Networks has high-performance to streamline dial-up traffic for reliable transport over both
the public network and the Internet. For dial access, it is a multi-protocol support allows service providers to use one or
more industry-standard network protocols. Along with its full array of digital and analog remote access options. There
have been found serveral DoS attacks agaisnt Annex terminal servers from xylogics(bay). The vulnerability lies in the
ping CGI interface on the built-in Web server within the Xylogics Annex terminal servers, which does not validate user
input properly. It is possible to crash the remote Annex terminal by connecting to the HTTP port, and requesting the
'/ping' cgi with a too long argument (at least 64 characters). The vulnerable platform is Xylogics Annex Terminal
Server.
Signature ID: 413
CISCO Switch View-source DoS Vulnerability
Threat Level: Warning
Nessus: 10682
Signature Description: Cisco switches have web interface to manage device remotely. Few versions of switches suffer
from a DoS vulnerability. By sending an HTTP request with URI, "http://switch-server/cgi-bin/view-source?/" the