TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
91
Signature ID: 617
Microsoft Windows Media Services NSIISlog.DLL Remote Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2003-0349
CVE-2003-0227 Bugtraq: 8035 Nessus: 11664,11664
Signature Description: Microsoft Windows Media Services, a feature of the Microsoft Windows 2000 server, is
designed to deliver media content to clients across a network via multicast media streaming. This service is not
installed by default. A stack-based buffer overflow exists in the ISAPI (Internet Services Application Programming
Interface) nsiislog.dll extension of the Internet Information Services (IIS). If the server is configured for Windows
Media Services, a remote attacker could send an overly large POST request to the server to overflow a buffer and cause
IIS to stop responding to legitimate Web requests and execute arbitrary code on the system. Microsodt has addressed
updates for this vulnerability in MS03-022.
Signature ID: 618
WEB-IIS Battleaxe Forum login.asp vulnerability
Threat Level: Information
Industry ID: CVE-2003-0215 Bugtraq: 7416
Signature Description: The BTTLXE Forum is a web application used for web-based discussion forums.
BttlxeForum(bttlxeForum version 2.0 beta 3 and earlier) is a SQL injection vulnerability, caused by improper
validation of user-supplied input that is used to construct SQL queries. This data may be supplied via the 'password'
field without a user name in the login.asp page. A remote attacker can use this vulnerability to inject malicious data into
SQL queries and gain unauthorized access to the system.
Signature ID: 621
WEB-MISC mod_gzip_status vulnerability
Threat Level: Information
Nessus: 11685
Signature Description: This event indicates that an attempt has been made to ascertain the status of the Apache module
mod_gzip on a host from a source external to the protected network. mod_gzip is used to compress data sent by an
Apache webserver in an attempt to preserve bandwidth and speed up communications between client and server. The
attacker may be trying to gain information on the server by making a query to the mod_gzip_status page. This could
lead to information disclosure which might then be used in further attacks against that host.
Signature ID: 623
WEB-MISC logicworks.ini access Vulnerability
Threat Level: Information
Industry ID: CVE-2003-1383 Bugtraq: 6996 Nessus: 11639
Signature Description: Web-ERP is a complete web based accounting/ERP system that requires only a web-browser
and pdf to use. WEB-ERP(WEB-ERP versions 0.1.4 and prior) could allow a remote attacker to gain access to the
logicwork.ini configuration file. A remote attacker could send a URL request for the logicworks.ini file to obtain
sensitive information, including the username and password for the backend MySQL database. Upgrade the latest
version of WEB-ERP, available at vendor's web site.
Signature ID: 624
Philboard philboard_admin.ASP Authentication Bypass Vulnerability
Threat Level: Information
Bugtraq: 7739 Nessus: 11675
Signature Description: Phiboard is freeware forum application implemented in ASP Scripts. Philboard, version 1.14
and prior, could allow a remote attacker to gain unauthorized administrative access to the forum. Philboard stores
authentication settings in cookies called "philboard_admin" and "admin". The issue triggered when an attacker can