ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

Signature ID: 32680
IBM Tivoli Enterprise Portal Server Heap Overflow
Threat Level: Severe
Industry ID: CVE-2007-2137 Bugtraq: 23558
Signature Description: IBM Tivoli Monitoring in kde.dll is vulnerable to multiple heap-based buffer overflows, caused
by improper bounds checking by Tivoli Universal Agent Primary Service, Monitoring Agent for Windows OS -
Primary, and Tivoli Enterprise Portal Server services. By sending an overly long string to the 10110/TCP, 6014/TCP,
and 14206/TCP ports respectively, a remote attacker could overflow a buffer and execute arbitrary code on the system.
This signature detects attacks on IBM Tivoli Enterprise Portal Server listening on TCP port 14206.
Signature ID: 32681
IBM Tivoli Monitoring Express Monitoring Agent WinOS Heap Overflow
Threat Level: Severe
Industry ID: CVE-2007-2137 Bugtraq: 23558
Signature Description: IBM Tivoli Monitoring in kde.dll is vulnerable to multiple heap-based buffer overflows, caused
by improper bounds checking by Tivoli Universal Agent Primary Service, Monitoring Agent for Windows OS -
Primary, and Tivoli Enterprise Portal Server services. By sending an overly long string to the 10110/TCP, 6014/TCP,
and 14206/TCP ports respectively, a remote attacker could overflow a buffer and execute arbitrary code on the system.
This signature detects attacks on IBM Tivoli Monitoring Express listening on TCP port 6014.
Signature ID: 32682
IBM Tivoli Monitoring Express Universal Agent Service Heap Overflow
Threat Level: Severe
Industry ID: CVE-2007-2137 Bugtraq: 23558
Signature Description: IBM Tivoli Monitoring in kde.dll is vulnerable to multiple heap-based buffer overflows, caused
by improper bounds checking by Tivoli Universal Agent Primary Service, Monitoring Agent for Windows OS -
Primary, and Tivoli Enterprise Portal Server services. By sending an overly long string to the 10110/TCP, 6014/TCP,
and 14206/TCP ports respectively, a remote attacker could overflow a buffer and execute arbitrary code on the system.
This signature detects attacks on IBM Tivoli Monitoring Express Universal Agent listening on TCP port 10110.
Signature ID: 32683
HTTP Windows MHTML URI Buffer Overflow (MS06-043)
Threat Level: Severe
Industry ID: CVE-2006-2766 Bugtraq: 18198 Nessus: 22185
Signature Description: Microsoft Windows fails to properly handle MHTML. This vulnerability may allow a remote
attacker to execute arbitrary code on a vulnerable system. According to Microsoft Security Bulletin MS06-043,
MHTML extends HTML to embed encoded objects, such as images, in the HTML document. Although it is actually the
HTML rendering extension that renders MHTML, this functionality may also be referred to as the MHTML rendering
extension. This vulnerability can be triggered by viewing a specially crafted MHTML document.
Signature ID: 32684
HTTP Adobe Acrobat UXSS in FDF
Threat Level: Severe
Industry ID: CVE-2007-0045 CVE-2007-0044 Bugtraq: 21858
Signature Description: The Adobe Acrobat Reader Plugin is vulnerable to cross-site scripting, caused by improper
validation of input passed to PDF documents. A remote attacker could exploit this vulnerability using the FDF, XML, or
XFDF parameter in a specially crafted URL to execute script in a victim's Web browser within the security context of
the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal or corrupt the victim's