TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
default, the chipcfg.cgi script is installed. A remote attacker can send a specially-crafted URL request containing the
chipcfg.cgi script to the server to gain access to sensitive network information. No remedy available as of July,
2008.
Signature ID: 603
WEB-CGI album.pl access vulnerability
Threat Level: Information
Industry ID: CVE-2003-1456 Bugtraq: 7444 Nessus: 11581
Signature Description: The Mike Bobbitt Album is a Perl CGI script used for managing pictures on a web server. It
allows you to browse a directory tree and display all the images in it through a customizable web-based interface. Any
new images added are automatically displayed in the photo album. album.pl (Mike Bobbitt album.pl version 6.1 and
prior) has a command execution vulnerability. The vulnerability reportedly exists when alternate configuration files are
used. An attacker can use this vulnerability to execute arbitrary commands on the server and to gain local, interactive
access to the underlying host.
Signature ID: 604
WEB-CGI streaming server parse_xml.cgi access vulnerability
Threat Level: Information
Industry ID: CVE-2003-0054 Bugtraq: 6954
Signature Description: Apple Darwin and QuickTime Streaming Administration Servers are web-based services that
allow administrators to manage the Darwin and QuickTime Streaming Servers. Apple's QuickTime Streaming Server
and Darwin Streaming Server, versions 4.1.1 and 4.1.2, could allow a remote attacker to execute arbitrary commands
on the server. The issue is triggered when an attacker sends a specially-crafted HTTP GET request to parse_xml.cgi
with a CGI parameter value containing a pipe (|) character. An attacker can use this vulnerability to execute arbitrary
commands on the system. No remedy is available for this issue.
Signature ID: 606
BugZilla Post_Bug.CGI Bug Report Spoofing Vulnerability
Threat Level: Information
Industry ID: CVE-2002-0008 Bugtraq: 3794,3793
Signature Description: Bugzilla is a bug or issue-tracking system. Bug-tracking systems allow individuals or groups of
developers to keep track of outstanding problems with their product effectively. Bugzilla versions before 2.14.1 could
allow a remote attacker to post a bug as another user. An attacker can save the enter_bug.cgi form
locally and edit the userid; by modifying the reporter parameter in enter_bug.cgi, which is passed to post_bug.cgi,
the attacker can post a bug as another user. The issue is fixed in Bugzilla 2.14.1 and later. Update to
that version, which is available at the vendor's web site, to remove the issue.
Signature ID: 607
BugZilla Process_Bug.CGI Comment Spoofing Vulnerability
Threat Level: Information
Industry ID: CVE-2002-0008 Bugtraq: 3793
Signature Description: Bugzilla is a bug or issue-tracking system. Bug-tracking systems allow individuals or groups of
developers to keep track of outstanding problems with their product effectively. Bugzilla versions before 2.14.1 allow
non-authorized users to post comments as any user of their choosing, including non-valid usernames. The
process_bug.cgi script only checks that a user exists when a bug comment is added, not that the user adding the bug is
the one currently logged in. This may be exploited by saving the add comment form locally and then changing the
value of the appropriate form element. The attacker then submits the altered form. The issue is fixed in
Bugzilla 2.14.1 and later. Update to that version, which is available at the vendor's web site, to remove the issue.