Manualshelf

TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
891892893894895896897898899900
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
894
Signature ID: 35161
Php code injection attempt
Threat Level: Severe
Signature Description: This rule hits when http request line consists of php delimiting statements. Attackers may inject
php delimiting statements to cause abnormal code embedded php statements.
Signature ID: 35162
PHP Code Injection attempt
Threat Level: Severe
Signature Description: This Rule hits when http request consists of php dangerous statements which may disclose
sensitive information to the attacker. Functions include define, eval, file_get_contents, include, require, require_once,
set, shell_exec, phpinfo, system, passthru, preg_ sequence of functions, execute.
Signature ID: 35163
PHP Code Injection attempts
Threat Level: Severe
Signature Description: This rule hits when http request consists of dangerous php statements which may disclose
sensitive information to the attacker. Functions include var_dump, fopen, popen, rm, echo, print, print_r.
Signature ID: 35164
URL injections attempt
Threat Level: Severe
Bugtraq: 28075
Signature Description: This rule hits when URI consists of URL. Attacker may use referrer mimefield to redirect web-
request to some malicious sites by putting url in the referrer field. And attackers may use this technique to attack some
other site using victim’s browser.
Signature ID: 35165
JavaScript declarations and operators in the request line
Threat Level: Severe
Industry ID: CVE-2008-1861 CVE-2008-1862
Signature Description: This rule hits when an attribute consists of javascript declaration statements, object creation
statements like new operator, deletion of memory variables. Attacker may use these statements to inject his own
javascript code.
Signature ID: 35166
Mail header injections attempt
Threat Level: Severe
Signature Description: Using mail function attackers can send a mail to some other recipients. This is possible by
injecting php mail function provided with necessary values in the vulnerable attribute. This rule hits when an attribute
consists of mailids and php code.
Signature ID: 35167
Shellcode injection attempt
Threat Level: Warning
Signature Description: This rule hits when a perl file consists of shell code in the http request line. Attackers can
injects perl scripts using vulnerable attribute names.