TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

881

882

883

884

885

886

887

888

889

890

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

885

Signature ID: 35106

Attribute breaking injections and evasion techniques on attributes

Threat Level: Severe

Bugtraq: 29025,29191

Signature Description: Remote Attackers bypass security systems by breaking attribute value with some special

characters causing admin access on the target system. This rule detects html breaking statements followed with html

tags found in the http request lines.

Signature ID: 35107

Cross site Scripting attack using URL or location or referrer or name attributes

Threat Level: Severe

Bugtraq: 29571

Signature Description: HTTP Server’s allows clients to use http header referrer for tracking purpose, attacker

may inject cross site script by using this field. For example an attacker can inject his own code using this field. Server

executes that in the security context resulting authentication cookie stealing and many more. Code injections for cookie

stealing will use document.location, document.referrer, attacker will make use of these javascript codes for stealing

user’s information.

Signature ID: 35108

Cross Site Scripting on setter or getter usage property

Threat Level: Severe

Signature Description: Cross site scripting is possible on getter or setter attributes. Attacker runs his script on the

vulnerable system by passing html breaking statements along with getter or setter or any other html/ script. This rule

detects html breaking statements with script or functions in the http request line.

Signature ID: 35109

Cross site script using with() function and control statements

Threat Level: Severe

Signature Description: Cross-Site Scripting using with function and with common loops such as do, while, for

statements are possible, This rule hits when an attempt to inject cross site script.

Signature ID: 35110

Cross site scripting Javascript with() function, or with delimiting operators or XML predicate

attacks

Threat Level: Severe

Industry ID: CVE-2007-2832

Bugtraq: 24119,29571

Signature Description: Cross site scripting is possible by putting javascript in the vulnerable attribute and with()

function, or an attacker can terminate the embedded attribute values with semicolon, comma, or dot operators and can

inject XML Predicate logics. This rule hits when an attribute contain javascript with function or attribute terminating

characters present in the attributes, or XML predicate attack made.

Signature ID: 35111

Cross Site Scripting with self-executing javascript

Threat Level: Severe

Bugtraq: 29191,29571

Signature Description: Attacker executes his won script by passing self-executable javascript code via vulnerable

attribute. If succeeded then attacker gains access on the affected system.