TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
879
request that contains multiple 'Content-Length' values in an invalid HTTP header.A remote attacker may exploit this
issue to launch cache poisoning or content-restriction bypass attacks against the affected server.
Signature ID: 35073
Microsoft Windows Media Services Remote Denial of Service Vulnerability
Threat Level: Severe
Industry ID: CVE-2003-0905 Bugtraq: 9825
Signature Description: Microsoft Windows Media Services is prone to a remote denial of service vulnerability.It is
comprised of the Windows Media Unicast Service, Windows Media Station Service, Windows Media Program Service,
and Windows Media Monitor Service. There is a vulnerability in the way TCP/IP connections are handled by both the
Windows Media Station Service and Windows Media Monitor Service. This may allow an attacker to cause the
services to effectively deny access to legitimate users by sending specially crafted TCP/IP packets on TCP ports 7007
and/or 7778. This signature detects attacking on TCP port 7007.
Signature ID: 35074
Microsoft Windows Media Services Remote Denial of Service Vulnerability
Threat Level: Severe
Industry ID: CVE-2003-0905 Bugtraq: 9825
Signature Description: Microsoft Windows Media Services is prone to a remote denial of service vulnerability.It is
comprised of the Windows Media Unicast Service, Windows Media Station Service, Windows Media Program Service,
and Windows Media Monitor Service. There is a vulnerability in the way TCP/IP connections are handled by both the
Windows Media Station Service and Windows Media Monitor Service. This may allow an attacker to cause the
services to effectively deny access to legitimate users by sending specially crafted TCP/IP packets on TCP ports 7007
and/or 7778. This signature detects attacking on TCP port 7778.
Signature ID: 35075
IBM Lotus Notes Cross Site Scripting
Threat Level: Warning
Industry ID: CVE-2005-2175 Bugtraq: 14164
Signature Description: IBM Lotus strongly recommended using of Domino Web Access (iNotes). The Domino Web
Access mail template prompts the user to open or save when clicking on attachments. A remote user can send an e-mail
with an HTML file attachment to a target user. If the target user clicks on the attachment, the HTML code is executed
without first providing a warning prompt. Arbitrary scripting code may be executed by the target user's browser. The
code will originate from the site running the Lotus Notes software and will run in the security context of that site. As a
result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with
the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as
the target user. An HTML attachment with Content-Type of 'text/html' and Content-Disposition of 'inline' can trigger
the flaw. This signature triggers for Outbound response malformed packets.
Signature ID: 35076
Multiple Vendor SOAP Server Undisclosed Request Denial Of Service Vulnerability
Threat Level: Severe
Industry ID: CVE-2004-1815
Bugtraq: 9877
Signature Description: SOAP HTTP servers are vulnerable to a denial of service. If the server is expecting an array of
objects, a remote or local attacker could send a specially-crafted SOAP request that does not contain this as an
argument to cause a delay in the server's response time. This can be exploited to exhaust a large amount of CPU and
memory resources, which will increase response times and may generate out-of-memory errors.ColdFusion MX 6.0
and 6.1, and JRun 4.0 are vulnerable.