TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
739
attempts of this vulnerability are detected using a combination of two signatures. This is the second signature and
generates a log message.
Signature ID: 32633
FTP 3Com 3CDaemon Multiple Remote Vulnerabilities
Threat Level: Severe
Industry ID: CVE-2005-0277 Bugtraq: 12155
Signature Description: 3CDaemon is reportedly prone to multiple vulnerabilities.These issues may allow an attacker to
crash the application, disclose sensitive information, and potentially execute arbitrary code on a vulnerable
computer.3CDaemon also discloses sensitive information when a request for certain MS-DOS device names is carried
out.This type of sensitive information may be used in further attacks against the computer.3CDaemon 2.0 revision 10 is
reported prone to these vulnerabilities, however, other versions may also be affected.
Signature ID: 32634
HTTP IIS 5.0 Source Code Disclosure
Threat Level: Severe
Industry ID: CVE-2000-0778 Bugtraq: 1578
Signature Description: Microsoft Internet Information Server (IIS) 5.0, which ships with Windows 2000, could reveal
the source code of server-side scripts, such as Active Server Pages (.ASP files).A remote attacker can send a file HTTP
GET request that contains a specialized header ("Translate: f" ), and one of several particular characters at the end, to
cause the Web server to send the source code of the file to the attacker.
Signature ID: 32635
HTTP IIS Cross site scripting .htw
Threat Level: Severe
Industry ID: CVE-2000-0942 Bugtraq: 1861
Signature Description: Using specially designed URLs, IIS 5.0 may return user specified content to the browser.A
cross-site scripting vulnerability has been reported in Microsoft Indexing Services for Windows 2000/NT4 and its
handling of the .htw extension.This poses great security risk, especially if the browser is JavaScript enabled and the
problem is greater in IE. By clicking on links, just visiting hostile web pages or opening HTML email the target IIS
sever may return user defined malicious active content.This is a bug in IIS 5.0, but it affects end users and is exploited
with a browser.A typical exploit scenario is stealing cookies which may contain sensitive information.
Signature ID: 32636
HTTP Icecast 2.0 Header overwrite
Threat Level: Severe
Industry ID: CVE-2004-1561 Bugtraq: 11271
Signature Description: This module exploits a Buffer overflow in the header parsing of Icecast.Sending 32 HTTP
headers will cause a write one past the end of a pointer array.On Microsoft Windows 95, Microsoft Windows
98.Microsoft Windows Me this happens to overwrite the saved instruction pointer, and on linux, this seems to generally
overwrite nothing crucial.This exploit uses ExitThread(), this will leave Icecast thinking the thread is still in use, and
the thread counter won't be decremented.This means for each time your payload exists, the counter will be left
incremented, and eventually the threadpool limit will be maxed.So you can multihit, but only till you fill the
threadpool.Verions 2.x up to 2.0.1 are reported vulnerable to this issue.
Signature ID: 32637
FTP acFTP 1.5 REST Denial of Service
Threat Level: Severe
Signature Description: AcFTP is an OpenSource replacement for Microsoft FTP server and other proprietary FTP