TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
83
allow a user to gain access to various files and reveal sensitive data. Upgrade the latest version of WebLogic, available
at vendor's website.
Signature ID: 575
BEA Systems WebLogic Server Directory Traversal %2f Vulnerability
Threat Level: Warning
Bugtraq: 2513 Nessus: 10698
Signature Description: BEA System WebLogic Server is an enterprise level web and wireless application server. It
provides easily surfaced diagnostics information, a GUI administration console, and command-line scripting. BEA
WebLogic Server(BEA WebLogic Server version 6.0) could allow an attacker to browse directories on the Web server.
An attacker can request a URL followed by a specific ASCII representation, such as "%2f". This vulnerability could
allow a user to gain access to various files and reveal sensitive data. Upgrade the latest version of WebLogic, available
at vendor's website.
Signature ID: 576
BEA Systems WebLogic Server Directory Traversal %2e Vulnerability
Threat Level: Warning
Bugtraq: 2513 Nessus: 10698
Signature Description: BEA System WebLogic Server is an enterprise level web and wireless application server. It
provides easily surfaced diagnostics information, a GUI administration console, and command-line scripting. BEA
WebLogic Server(BEA WebLogic Server version 6.0) could allow an attacker to browse directories on the Web server.
An attacker can request a URL followed by a specific ASCII representation, such as "%2e". This vulnerability could
allow a user to gain access to various files and reveal sensitive data. Upgrade the latest version of WebLogic, available
at vendor's website.
Signature ID: 577
BEA Systems WebLogic Server Directory Traversal %00 Vulnerability
Threat Level: Warning
Bugtraq: 2513 Nessus: 10698
Signature Description: BEA System WebLogic Server is an enterprise level web and wireless application server. It
provides easily surfaced diagnostics information, a GUI administration console, and command-line scripting. BEA
WebLogic Server(BEA WebLogic Server version 6.0) could allow an attacker to browse directories on the Web server.
An attacker can request a URL followed by a specific ASCII representation, such as "%00". This vulnerability could
allow a user to gain access to various files and reveal sensitive data. Upgrade the latest version of WebLogic, available
at vendor's website.
Signature ID: 578
IPlanet CMS/Netscape Directory Server Directory Traversal Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-1075
Bugtraq: 1839 Nessus: 10683,10589
Signature Description: IPlanet was a product brand that was used jointly by Sun Microsystems and Netscape
Communication when delivering software and service. Netscape is a suite of software components for sharing,
accessing, and communicating information via intranets and the internet. Netscape include components for browsing,
email, authoring HTML pages, and reading newsgroups. Netscape(iplanet) Certificate Management System(Netscape
Directory Server version 4.12.0 and iPlanet CMS version 4.2.0) could allow a remote attacker to traverse directories on
the server. An attacker can request a specially-crafted URL containing "dot dot"(\../) sequences in front on the file
name, which would allow the attacker to read or download any known file outside the Web root. No remedy available
for Netscape Directory server. Upgrade the latest version of iPlanet Certificate Management System(4.2 SP1 or later),
available at vendor's website.