TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

(later purchased by Sun Microsystems) featuring a modified Red Hat Linux operating system and a proprietary GUI for
server management. Cobalt RaQ 2 and RaQ 3 servers come with a program called "cgiwrap", which acts as a wrapper
for cgi programs, so that they run with the uid of their user instead of 'nobody'. cgiwrap as used on Cobalt RaQ 2.0 and
RaQ 3i does not properly identify the user for running certain scripts. This allows a malicious site administrator to view
or modify data located at another virtual site on the same system. Also, if the files are uploaded from Frontpage, the
files are owned by 'httpd' user. This allows override of user privileges due to configuration settings of Apache
server.
Signature ID: 36
Allaire ColdFusion Server (4.5.1) Administrator Login Password DoS Vulnerability
Threat Level: Severe
Industry ID: CVE-2000-0538 Bugtraq: 1314 Nessus: 10581
Signature Description: ColdFusion is an application server and software development framework used for the
development of computer software in general, and dynamic web sites in particular. A denial of service vulnerability
exists within the Allaire ColdFusion web application server (version 4.5.1 and earlier) which allows an attacker to
overwhelm the web server and deny legitimate web page requests. By downloading and altering the login HTML form
an attacker can send overly large passwords (>40,0000 chars) to the server, causing it to stop responding.
Signature ID: 37
Commerce cgi access vulnerability
Threat Level: Severe
Bugtraq: 2361,2001-0210 Nessus: 10612
Signature Description: Commerce.CGI is a free ecommerce shopping cart program with a web-based store manager
application for managing online stores. The Carey Internet Services Commerce.cgi version 2.0.1 has a well-known
security flaw that lets an attacker read arbitrary files with the privileges of the http daemon (usually root or nobody).
Adding the string "/../%00" in front of a web page document allows a remote attacker to view any files
on the server, provided that the HTTPd has the correct permissions. The example is:
http://www.example.com/cgi/commerce.cgi?page=../../../../etc/hosts%00index.html
Signature ID: 38
Access to Vulnerable CGI Count.cgi
Threat Level: Severe
Industry ID: CVE-1999-0021 Bugtraq: 128 Nessus: 10049
Signature Description: The wwwCount 'Count.cgi' program is used to record and display the number of times a WWW
page has been accessed. Due to insufficient bounds checking on arguments which are supplied by users in wwwCount
2.3, it is possible to overwrite the internal stack space of the Count.cgi program while it is executing. By supplying a
carefully designed argument to the Count.cgi program (QUERY_STRING environment variable), intruders may be
able to force Count.cgi to execute arbitrary commands with the privileges of the httpd process.
Signature ID: 40
Access to vulnerable version cvsweb.cgi
Threat Level: Warning
Industry ID: CVE-2000-0670 Bugtraq: 1469 Nessus: 10402
Signature Description: CVSweb is a web interface for a CVS repository. It allows users to browse through the source
code history of projects. The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS
repository to execute arbitrary commands via shell metacharacters. CVSWeb Developer CVSWeb 1.80 is vulnerable.