TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

871

872

873

874

875

876

877

878

879

880

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

875

execute arbitrary code in the context of the server, facilitating unauthorized access to the affected computer. Alt-N

MDaemon 8.03 is reported to be vulnerable. Other versions are likely affected as well.

Signature ID: 35054

Novell GroupWise 'img' Tag Buffer Overflow Vulnerability

Threat Level: Severe

Industry ID: CVE-2007-6435 Bugtraq: 26875

Signature Description: Novell GroupWise is prone to a buffer-overflow vulnerability because it fails to perform

adequate boundary checks on user-supplied data. A specially crafted IMG tag SRC parameter can trigger the overflow.

Successfully exploiting this issue will allow an attacker to execute arbitrary code within the context of the affected

application. Failed exploit attempts will result in a denial-of-service condition.This issue affects GroupWise 6.5.6.

other versions may also be affected.

Signature ID: 35055

HP Software Update Tool ActiveX Control File Overwrite

Threat Level: Warning

Industry ID: CVE-2007-6506 Bugtraq: 26950

Signature Description: HP Software Update is an HP application which checks for and downloads updates for HP

products firmware, software, and drivers. It can also help update the security and functionality of HP products. The

vulnerability is caused due to the HPRulesEngine.ContentCollection.1 ActiveX Control (RulesEngine.dll) including the

insecure "SaveToFile()" method, which writes to a file specified as an argument. This can be exploited to overwrite and

corrupt arbitrary files on the system in the context of the currently logged-on user. This signature detects traffic

containing the vulnerable CLSID.

Signature ID: 35056

HP Software Update Tool ActiveX Control File Overwrite

Threat Level: Warning

Industry ID: CVE-2007-6506 Bugtraq: 26950

Signature Description: HP Software Update is an HP application which checks for and downloads updates for HP

products firmware, software, and drivers. It can also help update the security and functionality of HP products. The

vulnerability is caused due to the HPRulesEngine.ContentCollection.1 ActiveX Control (RulesEngine.dll) including the

insecure "SaveToFile()" method, which writes to a file specified as an argument. This can be exploited to overwrite and

corrupt arbitrary files on the system in the context of the currently logged-on user. This signature detects traffic

containing the vulnerable PROGID.

Signature ID: 35057

BEA WebLogic Administration Console LoginForm.jsp Cross-Site Scripting Vulnerability

Threat Level: Severe

Industry ID: CVE-2005-1747 Bugtraq: 13793

Signature Description: BEA WebLogic Server is the rock-solid foundation for enterprise applications and SOA

services, your OS for SOA. BEA WebLogic Server 10 is fully Java Platform Enterprise Edition (Java EE) 5 compliant,

including support for the new EJB 3.0 technology. BEA WebLogic Server And WebLogic Express are affected by a

cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input

to the 'LoginForm.jsp' script. An attacker may leverage this issue to have arbitrary script code executed in the browser

of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.