ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
URI field of the SIP INVITE packet. An attacker could manipulate the victim's valuable information. Patches are available at
the Asterisk website. This signature triggers when an attacker sends the request using the UDP service.
Signature ID: 34841
SQL injection via SIP (part 2) and toll fraud bonus
Threat Level: Severe
Industry ID: CVE-2007-5488
Bugtraq: 26095
Signature Description: SIP is an application layer protocol that can establish, modify and terminate multimedia
sessions such as Internet telephone calls. SIP sends an INVITE message to initiate a session; this message contains the URI of
the destination. SQL injection vulnerabilities exist in cdr_addon_mysql in Asterisk-Addons versions before 1.2.8, and
1.4.x versions before 1.4.4. Some SIP proxies store information gathered from SIP headers in databases used for
billing and accounting purposes. That is the case for this vulnerability: if this information is not properly filtered, it can
perform a second-order SQL injection once it is displayed to the administrator. An attacker can put SQL commands in the
URI field of the SIP INVITE packet. An attacker could manipulate the victim's valuable information. Patches are available at
the Asterisk website. This signature triggers when an attacker sends the request using the TCP service.
Signature ID: 34842
XSS via SIP (part 2) and toll fraud bonus
Threat Level: Severe
Industry ID: CVE-2007-5488
Bugtraq: 26095
Signature Description: SIP is an application layer protocol that can establish, modify and terminate multimedia
sessions such as Internet telephone calls. SIP sends an INVITE message to initiate a session; this message contains the URI of
the destination. Some SIP proxies store information gathered from SIP headers in databases used for billing and
accounting purposes. This is also the case for the vulnerability disclosed. XSS injection can be performed over SIP to
inject malicious JavaScript into the browser of a user who checks the call history of his phone. XSS can be used with
tools like BeEF and XSS proxy to scan the internal network and deactivate firewalls. JavaScript can be stored in the
database with the SQL injection and executed in the browser when the admin checks it. No remedy is available.
This signature detects the attack from a SIP UDP session.
Signature ID: 34843
XSS via SIP (part 2) and toll fraud bonus
Threat Level: Severe
Industry ID: CVE-2007-5488
Bugtraq: 26095
Signature Description: SIP is an application layer protocol that can establish, modify and terminate multimedia
sessions such as Internet telephone calls. SIP sends an INVITE message to initiate a session; this message contains the URI of
the destination. Some SIP proxies store information gathered from SIP headers in databases used for billing and
accounting purposes. This is also the case for the vulnerability disclosed. XSS injection can be performed over SIP to
inject malicious JavaScript into the browser of a user who checks the call history of his phone. XSS can be used with
tools like BeEF and XSS proxy to scan the internal network and deactivate firewalls. JavaScript can be stored in the
database with the SQL injection and executed in the browser when the admin checks it. No remedy is available.
This signature detects the attack from a SIP TCP session.
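The storage and display path described in signatures 34841 through 34843, as an added example that is not from the guide or from Asterisk: a request URI taken from a SIP INVITE is logged to a call-record table with a string-built statement and with a bound parameter, then HTML-encoded when the call history is rendered. The in-memory SQLite database (standing in for the MySQL CDR store), the `cdr` table, the function names and the sample INVITE are assumptions constructed for illustration.

```python
import html
import re
import sqlite3

# Constructed INVITE: the user part of the request URI carries a quote and markup.
INVITE = (
    "INVITE sip:o'hara<b>x</b>@pbx.example.test SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060\r\n"
    "From: <sip:alice@example.test>;tag=1\r\n"
    "To: <sip:o'hara@pbx.example.test>\r\n"
    "Call-ID: constructed-1@192.0.2.10\r\n"
    "CSeq: 1 INVITE\r\n\r\n"
)

def request_uri(message):
    """Return the request URI from the first line of a SIP request."""
    m = re.match(r"^[A-Z]+ (\S+) SIP/2\.0\r\n", message)
    if not m:
        raise ValueError("not a SIP request line")
    return m.group(1)

def new_cdr_db():
    """Hypothetical call-detail-record table used for billing and history."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cdr (id INTEGER PRIMARY KEY, dst TEXT)")
    return db

def log_call_unsafe(db, dst):
    # Weak pattern: the header value becomes part of the SQL text.
    db.execute("INSERT INTO cdr (dst) VALUES ('" + dst + "')")

def log_call_safe(db, dst):
    # Bound parameter: the value is data only and is stored verbatim.
    db.execute("INSERT INTO cdr (dst) VALUES (?)", (dst,))

def render_history(db):
    # Encode on output so stored markup is displayed, not interpreted.
    rows = db.execute("SELECT dst FROM cdr ORDER BY id").fetchall()
    return "".join("<tr><td>%s</td></tr>" % html.escape(d) for (d,) in rows)

def demo():
    db, uri = new_cdr_db(), request_uri(INVITE)
    try:
        log_call_unsafe(db, uri)
        unsafe = "stored"
    except sqlite3.Error:
        unsafe = "statement altered by input"
    log_call_safe(db, uri)
    return unsafe, render_history(db)
```
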
Signature ID: 34847
Nokia N95 cellphone remote DoS using the SIP Stack
Threat Level: Warning
Industry ID: CVE-2007-6371
Bugtraq: 26726
Signature Description: The Nokia N95 cell phone with version RM-159 12.0.013 is vulnerable. If the N95 device has its
SIP Phone client activated, a sequence of SIP messages results in its crash. SIP is an application layer protocol that can
establish, modify and terminate multimedia sessions such as Internet telephone calls. Client will send SIP INVITE