Manualshelf

TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
12345678910
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
8
Signature ID: 27
Calendar admin cgi vulnerability attempt
Threat Level: Severe
Industry ID: CVE-2000-0432 Bugtraq: 1215 Nessus: 10506
Signature Description: Matt Kruse's Calendar script is a popular, free perl cgi-script used by many websites on the
Internet. It allows a website administrator to easily setup and customize a calendar on their website. There are two
components of this package, calendar-admin.pl and calendar.pl. In Matt Kruse Calendar Script 2.2 , Calendar-admin.pl
calls open() with user-input in the command string without parsing the input for metacharacters. It is therefor possible
to execute arbitrary commands on the target host by passing "|shell command|" as one value of the "configuration file"
field. The shell that is spawned with the open() call will then execute those commands with the uid of the webserver.
This can result in remote access to the system for the attacker. Calendar.pl is vulnerable to a similar attack.
Signature ID: 30
ColdFusion Debug cgi vulnerability
Threat Level: Warning
Nessus: 10797
Signature Description: ColdFusion is an application server and software development framework used for the
development of computer software in general, and dynamic web sites in particular. In versions 4.5 and 5.0 (and
probably in older versions), it is possible to see the ColdFusion Debug Information by appending ?Mode=debug at the
end of the request (like GET /index.cfm?Mode=debug). The Debug Information usually contain sensitive data such as
Template Path or Server Version which may provide information for use in subsequent attacks.
Signature ID: 32
Cgicso command execution cgi vulnerability
Threat Level: Warning
Industry ID: CVE-2002-1652 Bugtraq: 6141 Nessus: 10779
Signature Description: CGIEmail is a form processing script, written in the C language. It allows account holders to set
up feedback forms with the input from users being directed to the configured e-mail recipient. It takes the contents of a
form specified in a html file and emails them to a specified location. A mail specification in a text file is used to format
and mail the resulting email message. Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a long query parameter.
Signature ID: 33
Cgiforum cgi vulnerability vulnerability
Threat Level: Severe
Industry ID: CVE-2000-1171 Bugtraq: 1963 Nessus: 10552
Signature Description: CGIForum is a commercial cgi script from Markus Triska which is designed to facilitate web-
based threaded discussion forums. In Markus Triska CGIForum 1.0, the 'cgiforum.pl' has a well known security flaw.
The script improperly validates user-supplied input to the "thesection" parameter. If an attacker supplies a carefully-
formed URL contaning '/../' sequences as argument to this parameter, the script will traverse the normal directory
structure of the application in order to find the specified file. As a result, it is possible to remotely view arbitrary files
on the host which are readable by user 'nobody'.
Signature ID: 35
Cobalt RaQ Cgiwrap cgi vulnerability
Threat Level: Severe
Industry ID: CVE-1999-1530 CVE-2000-0431 Bugtraq: 777,1238 Nessus: 10041
Signature Description: The Cobalt RaQ is a 1U rackmount server product line developed by Cobalt Networks, Inc.