TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature Description: Oracle Rapid Install Web Server in Oracle Application Server 11i is vulnerable to cross-site
scripting, caused by improper validation of user-supplied input by the login page. A remote attacker could exploit this
vulnerability to inject malicious script or HTML via a URL to the Secondary Login Page, as demonstrated using (1)
pls/ and (2) pls/MSBEP004/, into a Web page which would be executed in a victim's Web browser within the security
context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials.
Signature ID: 32661
HTTP Microsoft Media Player (WMV file) DoS -2
Threat Level: Severe
Industry ID: CVE-2003-0228
Bugtraq: 7517
Signature Description: A vulnerability was reported in Windows Media Player in the processing of skin files (*.wmz
files). Internet Explorer (IE) invokes Windows Media Player when processing the "application/x-ms-wmz" MIME type.
The wmplayer.exe binary is reportedly executed with the "/layout" command line switch, intended to save the skin file
in the Skins folder with a file name based partly on the supplied URL and also partly on a random string. A remote user
can create a specially crafted URL with hex-encoded backslashes to cause the system to write the skin file to a
specified location on the target user's computer. Exploit attempts of this vulnerability are detected using a combination
of two signatures. This is the second signature and generates a log message.
Signature ID: 32662
HTTP Cisco IOS HTTP Auth
Threat Level: Severe
Industry ID: CVE-2001-0537 Bugtraq: 2936 Nessus: 10700
Signature Description: When the HTTP server is enabled and local authorization is used, it is possible, under some
circumstances, to bypass the authentication and execute any command on the device. In that case, the user will be able
to exercise complete control over the device. All commands will be executed with the highest privilege (level 15). All
releases of Cisco IOS software, starting with release 11.3 and later, are vulnerable. Virtually all mainstream Cisco
routers and switches running Cisco IOS software are affected by this vulnerability. Products that are not running Cisco
IOS software are not vulnerable. The workaround for this vulnerability is to disable the HTTP server on the router or to use
Terminal Access Controller Access Control System (TACACS+) or RADIUS for authentication.
Signature ID: 32663
HTTP phpBB search.php SQL Injection
Threat Level: Severe
Industry ID: CVE-2005-1114
Bugtraq: 13154
Signature Description: phpBB is a free open-source Web bulletin board software package. phpBB versions 2.0.6 and
earlier are vulnerable to SQL injection. Installations of phpBB with the register_global set to "on" could allow a remote
attacker to send specially-crafted SQL statements to the $search_results variable to modify the logic of underlying SQL
queries and add, modify or delete data from the backend database, including hashed passwords. phpBB 2.0.6 and earlier
are affected.
Signature ID: 32664
MS Windows UPnP Stack Overflow (HTTP Header CALLBACK)
Threat Level: Severe
Industry ID: CVE-2007-1204 CVE-2001-0876 Bugtraq: 23371,3723 Nessus: 11765
Signature Description: A buffer overflow in Universal Plug and Play (UPnP) service on Microsoft Windows XP,
Microsoft Windows ME, and Microsoft Windows 98 permits an intruder to run arbitrary code on vulnerable
systems. Universal Plug and Play (UPnP) is a system to allow network devices to operate together. A vulnerability in the
Microsoft Windows XP and Windows ME implementation of UPnP Stack (HTTP Header CALLBACK) may permit an