TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
749
Signature ID: 32689
HTTP Adobe Reader Plugin Open Parameters Cross-Site Scripting
Threat Level: Severe
Industry ID: CVE-2007-0045
CVE-2007-0044 Bugtraq: 21858
Signature Description: Adobe Acrobat Reader is software designed to view Portable Document Format (PDF) files.
Adobe also distributes the Adobe Acrobat Plug-In to allow users to view PDF files inside of a web browser.The Adobe
Acrobat Plug-In PDF Open Parameters feature allows users to specify actions to take on a PDF document via URI
parameters.However, the Adobe Acrobat Plug-In fails to properly validate these URI parameters for scripting code.This
allows user-supplied scripts to execute within the context of the web site hosting the PDF file causing a cross-site
scripting vulnerability, any PDF document can be leveraged to exploit this vulnerability, regardless of whether that
document is on the local file system or a remote web server.However, web browsers typically prevent remote content
from accessing resources on the local file system.This will stop scripts originating from remote sources from accessing
resources on the local file system.An attacker may be able to obtain sensitive data from a user that visits a web site
hosting a PDF document.Depending on the nature of the web site, this data may include passwords, credit card
numbers, and any arbitrary information provided by the user.Likewise, information stored in cookies could be stolen or
corrupted.
Signature ID: 32690
HTTP McAfee EPolicy Orchestrator VerifyPackageCatalog ActiveX Overflow
Threat Level: Severe
Industry ID: CVE-2007-1498 Bugtraq: 22952
Signature Description: The McAfee ePolicy Orchestrator and ProtectionPilot are applications that are designed to
allow centralized security management of multiple clients.Remote management of the ePolicy Orchestrator and
ProtectionPilot servers are done through a management console.The ActiveX control SiteManager.Dll that is shipped
with the McAfee ePolicy Orchestrator and ProtectionPilot contains two functions that are vulnerable to stack based
buffer overflows.SiteManager.Dll should only be installed on systems that have used the McAfee management
console.By convincing a user to view a specially crafted HTML document, a remote, unauthenticated attacker may be
able to execute arbitrary code with the privileges of the user.The attacker could also cause Internet Explorer to crash
Signature ID: 32691
SAP Internet Graphics Server PARAMS Cross Site Scripting
Threat Level: Severe
Industry ID: CVE-2007-3613 Bugtraq: 24775
Signature Description: SAP Internet Graphics Server (IGS) is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input by the ADM:GETLOGFILE script.The ADM interface does not properly filter HTML
code from user-supplied input before displaying the input.A remote user can create a specially crafted URL that, when
loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser.The code will
originate from the site running the SAP Internet Graphics Server software and will run in the security context of that
site.As a result, the code will be able to access the target user's cookies (including authentication cookies), associated
with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting
as the target user
Signature ID: 32692
WFTPD Pro server SITE ADMIN denial of service
Threat Level: Severe
Industry ID: CVE-2007-0311
Bugtraq: 22046
Signature Description: WFTPD, developed by Texas Imperial Software is the popular FTP server for Windows. The
WFTPD Pro Server Version 3.25 and prior are vulnerable to denial of service. This issue will occurs when a SITE
ADMIN command followed by two whitespace characters are sent to WFTPD server. Exploiting this issue allows