TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
Signature ID: 32670
Backdoor Wow23 0.3
Threat Level: Severe
Signature Description: Wow.23 backdoor, also known as 23 HTML Creator or BackDoor-US, is a backdoor Trojan
written in Visual Basic that affects Microsoft Windows operating systems. Wow.23 backdoor exploits a vulnerability in
Microsoft Internet Explorer, allowing the attacker to execute arbitrary code on the system. It communicates using TCP
on port 80. Wow23 typically runs from the server file "C:\WINDOWS\Shedule.exe" over port 80 via TCP.
Signature ID: 32673
HTTP Request Authorization Field Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-1348 Bugtraq: 13350
Signature Description: Some URLs require authentication in order for a user to gain access. A user agent that wishes to
authenticate itself with a server does so by including an Authorization request-header field with the request. This rule
triggers when a long HTTP authorization header is observed. MailEnable versions 1.04 and earlier and Professional
versions 1.54 and earlier are affected by this vulnerability. A remote attacker could overflow a buffer by
sending a large Authorization string and execute arbitrary code on the system.
Signature ID: 32674
Backdoor Girlfriend 1.3.5
Threat Level: Information
Industry ID: CVE-1999-0660 Nessus: 10024, 10152, 10151, 10409, 10053, 10270, 10501, 10288, 10307, 10350, 10920, 10921
Signature Description: The GirlFriend backdoor is one of many backdoor programs that attackers can use to access
your computer system without your knowledge or consent. With the GirlFriend backdoor, an attacker can access files on
your hard drive, capture your keystrokes, and retrieve your passwords by monitoring the password fields in dialog boxes on
your screen. It communicates using TCP on port 31337 but can use alternative ports. Affected platforms are Windows 95
and Windows 98.
Signature ID: 32677
HTTP Blue Coat Systems K9 Web Protection Buffer Overflow
Threat Level: Information
Industry ID: CVE-2007-1685, CVE-2007-1783 Bugtraq: 24373
Signature Description: Blue Coat K9 Web Protection is vulnerable to a buffer overflow, caused by improper bounds
checking by the Web management interface. Buffer overflow in k9filter.exe in Blue Coat K9 Web Protection 3.2.36, and
probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a long HTTP GET request to port 2372.
Signature ID: 32678
HTTP IE 7 navcancl.htm Cross-Site Scripting
Threat Level: Severe
Industry ID: CVE-2007-1499 Bugtraq: 22966
Signature Description: Microsoft Internet Explorer 7 is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input by the navcancl.htm script. A remote attacker could exploit this vulnerability using the
"Refresh the page" icon to inject malicious script into a Web page which would be executed in a victim's Web browser
within the security context of the hosting Web site, once the "Navigation Canceled" page is displayed. An attacker could
use this vulnerability to steal the victim's cookie-based authentication credentials, spoof Web content, or perform
phishing attacks.