ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature Description: OpenLink is open source and commercial middleware software. Both the Unix and
Windows NT versions of OpenLink 3.2 are vulnerable to a remotely exploitable buffer overflow attack. The problem is
in their web configuration utility and is the result of an unchecked strcpy() call. The consequence is the execution of
arbitrary code on the target host (running the configuration utility) with the privileges of the web software, triggered by sending
one of these two URLs: GET AAA[....]AAA or GET /cgi-bin/testcono?AAAAA[...]AAA HTTP/1.0. The rule detects a
malicious attempt of the second type.
Signature ID: 437
IIS ASP Chunked Encoding Heap Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0079 CVE-2002-0147 CVE-2002-0149 Bugtraq: 4485,4478,4490 Nessus: 10935
Signature Description: A heap overflow condition in the 'chunked encoding transfer mechanism' related to Active
Server Pages has been reported for Microsoft IIS, versions 4.0 and 5.0. Exploitation of this vulnerability may result in a
denial of service or allow for a remote attacker to execute arbitrary instructions on the victim host. Microsoft IIS 5.0 is
reported to ship with a default script (iisstart.asp) which may be sufficient for a remote attacker to exploit. Other
sample scripts may also be exploitable.
Signature ID: 438
IPlanet Webserver .shtml Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2000-1077 Bugtraq: 1848 Nessus: 10538
Signature Description: iPlanet Webserver is an HTTP server product by the Sun-Netscape Alliance. By sending a
specially crafted HTTP request of approximately 198 - 240 characters with the .shtml (default) file extension, it is possible
to cause a buffer overflow and allow the execution of arbitrary code. This is due to the way iPlanet parses .shtml files.
This vulnerability is only known to be exploitable if the server side 'parsing' option is enabled. An attacker may use this
flaw to gain a shell on this host. iPlanet E-Commerce Solutions iPlanet Web Server 4.0 is vulnerable.
Signature ID: 439
Squid Cache FTP Proxy URL Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0068 Bugtraq: 4148 Nessus: 10923
Signature Description: Squid is a free proxy server. A buffer overflow exists in the Squid proxy server's FTP URL
handling. If a user has the ability to use the Squid process to proxy FTP requests, it may be possible for the user to make a
malicious request. By sending a custom-crafted ftp:// URL through the Squid proxy, it is possible to crash the server,
requiring a manual restart to resume normal operation. This rule detects such buffer overflow attempts.
Signature ID: 442
DCShop exposes sensitive files - orders.txt file access vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0821 Bugtraq: 2889
Signature Description: DCShop is a CGI-based ecommerce system from DCScripts. DCShop beta version 1.002
does not properly protect user and credit card information. This rule triggers if a request is made to access orders.txt,
present in the dcshop/orders directory, which includes all recent orders, including the end user's name, shipping and billing
address, e-mail address and CREDIT CARD NUMBERS with expiration dates in plain text format.
Signature ID: 443
DCForum DCShop File Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0821 Bugtraq: 2889