TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
Signature ID: 418
Microsoft FrontPage/IIS shtml.dll Denial Of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0709 Bugtraq: 1608 Nessus: 10497
Signature Description: Microsoft FrontPage Server Extensions let users manage their web site remotely. FrontPage
2000 Server Extensions is vulnerable to a remote denial of service attack. By requesting a URL using the shtml.exe
component of FrontPage 2000 Server Extensions, an attacker can overflow a buffer and also determine the physical
path of the server components by including a DOS device name in the GET request. The attacker first sends a GET
request with a URI containing /_vti_bin/shtml.exe. Once the server responds, it sends /_vti_bin/shtml.exe/aux.htm,
and after that it sends /_vti_bin/shtml.exe once again; if the server does not respond, this is treated as an attack.
As a result, FrontPage operations slow down and the server shows 100 percent CPU utilization until the GET request
times out.
Signature ID: 419
Novell GroupWise buffer overflow vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0146 Bugtraq: 972 Nessus: 10097
Signature Description: Novell GroupWise is a cross-platform collaboration and messaging system. Novell GroupWise
5.5 with Enhancement Pack installed is vulnerable to a denial of service attack. The Denial of Service attack occurs
when a large character string is sent by a browser and is processed by the servlet gateway, causing the server to abend,
CPU usage to increase to 100%, or the post office service to crash. The server will require a reboot to recover from the
attack. Novell GroupWise Enhancement Pack 5.5 is vulnerable.
Signature ID: 421
IIS 5.0 PROPFIND DoS Vulnerability
Threat Level: Severe
Industry ID: CVE-2001-0151 CVE-2001-0508 Bugtraq: 2453,2690,2483 Nessus: 10667,10631,10732
Signature Description: WebDAV is an extension to the HTTP protocol that allows remote authoring and management
of web content. In the Windows 2000 implementation of the protocol, IIS 5.0 performs initial processing of all
WebDAV requests, then forwards the appropriate commands to the WebDAV process. It is possible to disable the
remote IIS server by sending a variation of a specially formed PROPFIND request. WebDAV contains a flaw in the
handling of certain malformed requests; submitting multiple malformed WebDAV requests could cause the server to
stop responding. A successful attack should cause a DoS. Microsoft IIS 5.0 is vulnerable.
Signature ID: 422
AVM Ken! Proxy DoS vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0262 CVE-2000-0261 Bugtraq: 1103 Nessus: 10375
Signature Description: AVM Ken! is a proxy server for Windows that allows multiple users to share an ISDN
connection. A local attacker could cause a denial of service by sending random characters to port 3128. This attack
causes the software to crash and close all connections to the server. Versions of AVM Ken! prior to 1.04.32 are
affected by this issue.
Signature ID: 423
Netscape Enterprise Server SSL Buffer Overflow DoS Vulnerability
Threat Level: Severe
Industry ID: CVE-1999-0752 Bugtraq: 516 Nessus: 10155
Signature Description: Netscape Enterprise Server was a web server developed originally by Netscape
Communications Corporation. Netscape Enterprise Server versions 3.0, 3.51, and 3.6 are vulnerable to a denial of