TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 35300
Oracle Application Server Web Cache Heap Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0385 Bugtraq: 9868 Nessus: 12126
Signature Description: The Oracle Web Cache caches static and dynamic content generated by Oracle
Application web servers, reducing bandwidth usage and server load. The Oracle9i Application Server Web Cache
versions 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 are vulnerable to a heap-based buffer overflow. The vulnerability
exists in the code that processes HTTP requests. By supplying an overly long HTTP Request Method header, an
attacker could execute arbitrary code with the privileges of the vulnerable process. Oracle has released a patch to address
this vulnerability; it is listed in Oracle Security Alert #66.
Signature ID: 35301
Oracle Application Server Web Cache DoS Vulnerability
Threat Level: Severe
Industry ID: CVE-2004-0385 Bugtraq: 9868 Nessus: 12126
Signature Description: The Oracle Web Cache caches static and dynamic content generated by Oracle
Application web servers, reducing bandwidth usage and server load. The Oracle9i Application Server Web Cache
versions 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 are vulnerable to a Denial of Service attack. The vulnerability
exists in how the Oracle Web Cache handles HTTP request headers. If a header within the request contains a NULL
byte, the Web Cache will not log the request to any of its logs, and the server will keep the connection open with the
client until it has timed out. This can lead to a denial of service by exceeding the limit on the number of
simultaneous connections supported by the Web Cache. Oracle has released a patch to address this vulnerability; it is
listed in Oracle Security Alert #66. This signature detects attack traffic containing MKCOL, MOVE, POST, PUT or
TRACE methods.
Signature ID: 35302
Adobe Reader AcroPDF.dll ActiveX denial of service vulnerability
Threat Level: Severe
Industry ID: CVE-2006-6027 Bugtraq: 21813
Signature Description: Adobe Acrobat is a family of computer programs developed by Adobe Systems, designed to
view, create, manipulate and manage files in Adobe's Portable Document Format. Adobe Reader 7.0.8.0 is vulnerable
to denial of service when a long string argument is sent to the src method. By persuading a victim to visit a specially crafted
Web page containing hex-encoded shellcode, a remote attacker could execute arbitrary code on the system with the
privileges of the victim. Update to the latest version available from the vendor's web site. Alternatively, the user can set the kill bit
for the CLSID corresponding to the progid AcroPDF.PDF to resolve this issue.
Signature ID: 35303
Adobe Reader AcroPDF.dll ActiveX denial of service vulnerability
Threat Level: Severe
Industry ID: CVE-2006-6027 Bugtraq: 21813
Signature Description: Adobe Acrobat is a family of computer programs developed by Adobe Systems, designed to
view, create, manipulate and manage files in Adobe's Portable Document Format. Adobe Reader 7.0.8.0 is vulnerable
to denial of service when a long string argument is sent to the src method. By persuading a victim to visit a specially crafted
Web page containing hex-encoded shellcode, a remote attacker could execute arbitrary code on the system with the
privileges of the victim. Update to the latest version available from the vendor's web site. Alternatively, the user can set the kill bit
for CLSID CA8A9780-280D-11CF-A24D-444553540000.