ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

the source code of server-side scripts, such as Active Server Pages (.ASP files). A remote attacker can send an HTTP
GET request for a file with a specialized header ("Translate: f") and one of several particular characters at the end, to
cause the Web server to send the source code of the file to the attacker.
Signature ID: 32717
Exchange ms03-046 CHECK
Threat Level: Severe
Signature Description: The denial of service can be triggered by sending an XEXCH50 request with a massive number of
bytes for the first argument. This forces the remote server to allocate that specified amount of space and can easily be
used to drain all available memory from a system. Once Exchange runs low on memory, it no longer processes
incoming requests, leading to a quick and easy remote denial of service. If a negative value is passed as the first
argument of the XEXCH50 verb request, the server will not allocate any memory but still accept data. This can be used
to clobber the heap and eventually execute arbitrary code.
Signature ID: 32718
HTTP Opera CSS Background Property Memory Corruption
Threat Level: Severe
Industry ID: CVE-2006-3945 CVE-2006-3199 Bugtraq: 18585
Signature Description: This denial of service is due to a memory corruption error when setting the CSS background
property of a DHTML element to an overly long URL (HTTP or HTTPS). Opera version 9 is affected by this DoS attack.
Signature ID: 32721
HTTP Acunetix Web Scanner HTTP Sniffer Overflow DoS
Threat Level: Severe
Bugtraq: 14488
Signature Description: Acunetix is a Web vulnerability scanner for some Microsoft Windows operating
systems. Acunetix version 2.0 is vulnerable to a denial of service. A remote attacker could send a specially crafted string
to the Acunetix application to consume all available resources. The 'Sniffer' component fails to perform proper bounds
checking, resulting in a buffer overflow. Acunetix must be restarted to regain normal functionality.
Signature ID: 32723
HTTP KDE LibkHTML NodeType Function HTML Tags Handling DoS
Threat Level: Severe
Industry ID: CVE-2006-6660
Bugtraq: 21662
Signature Description: This DoS attack is due to an error in the nodeType() method when handling malformed HTML
tags, which could be exploited by attackers to crash applications linked against a vulnerable library via a specially
crafted HTML document. A remote attacker could send a specially crafted HTML email to cause the affected
application to crash once the message is viewed. This rule hits when the track state KDElibhtml is set by rule ID 32722
and the traffic contains the attack pattern.
Signature ID: 32732
Asterisk Skinny Channel Driver get_input Function Overflow
Threat Level: Severe
Industry ID: CVE-2006-5444
Bugtraq: 20617
Signature Description: By sending specially crafted data to port 2000/TCP to trigger an integer overflow in the Asterisk
Skinny channel driver for Cisco SCCP phones (chan_skinny.so), a user can execute arbitrary code on the target system.
The code will run with root-level privileges. The vulnerability resides in the get_input() function in 'chan_skinny.c'.