TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
878
Signature ID: 35067
Oracle Database 8i/9i Multiple Remote Directory Traversal Vulnerabilities
Threat Level: Warning
Industry ID: CVE-2005-0297
Signature Description: Oracle Database server is reported prone to multiple directory traversal vulnerabilities that may
allow a remote attacker to read, write, or rename arbitrary files with the privileges of the Oracle Database server. The
issues are reported to exist due to a lack of sufficient input validation performed on filenames and paths passed to file
processing functions, and may allow a malicious SQL query to traverse outside of a directory that is described in an
Oracle directory object.
Signature ID: 35068
Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass
Threat Level: Severe
Industry ID: CVE-2004-2383 Bugtraq: 9761
Signature Description: Microsoft Internet Explorer 5.0 through 6.0, when running on Microsoft Windows 2000
Professional and Windows XP Professional could allow a remote attacker to bypass cross-frame domain restrictions.
By creating a malicious Web page, that contains a frameset with the target URL and malicious JavaScript embedded
outside of the frameset, the attacker could monitor keystrokes and obtain sensitive user information, including login
credentials, once the link is clicked.
Signature ID: 35069
Mozilla Firefox Plugin Access Control Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0527 Bugtraq: 12655
Signature Description: A vulnerability was reported in Mozilla Firefox in the XPCOM implementation. A remote user
can execute arbitrary code on the target user's system. A remote user can create specially crafted HTML that, when
loaded by the target user, will execute arbitrary code with the privileges of the target user. The HTML can include
Firefox XPCOM code to perform actions (such as writing to a local file) that are triggered by scrollbar actions. The
exploit can be automated in conjunction with other previously reported vulnerabilities in Firefox so that user interaction
is not required.
Signature ID: 35071
Ipswitch IMail Server Remote LDAP Daemon Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-CVE-2004-0297 Bugtraq: 9682
Signature Description: The Ipswitch LDAP daemon has been reported prone to a remote buffer overflow vulnerability.
The vulnerability exists due to a lack of sufficient boundary checks performed on user supplied LDAP tags. When
attacker-supplied data containing large LDAP tags is processed by the affected service, a stack based buffer overflow
condition will be triggered. A remote attacker may exploit this condition to execute arbitrary instructions in the security
context of the affected service. This exploits a buffer overflow in the LDAP service that is part of the IMail product.
This module was tested against version 7.10 and 8.5, both running on Windows 2000.
Signature ID: 35072
Microsoft ISA Server HTTP Content Header Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1215 Bugtraq: 13956
Signature Description: Microsoft Internet Security and Acceleration (ISA) server 2000 is reported prone to a HTTP
request smuggling attack. The vendor reports that Microsoft ISA server fails to correctly handle an invalid HTTP