ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
listed in Oracle Security Alert #66. This signature detects attack traffic containing COPY, DELETE, GET, HEAD or
LOCK methods.
Signature ID: 35316
Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability
Threat Level: Severe
Signature Description: Secure Shell (SSH) is a network protocol that allows data to be exchanged over a
secure channel between two computers. Catalyst is the brand name for a variety of network switches sold by Cisco
Systems. Non-Secure Shell (SSH) connection attempts to an enabled SSH service on a Cisco Catalyst 6000, 5000, or
4000 switch might cause a "protocol mismatch" error, resulting in a supervisor engine failure. The supervisor engine
failure causes the switch to stop passing traffic and reboot. This problem is resolved in release 6.1(1c). Due
to a very limited number of customer downloads, Cisco has chosen to notify affected customers directly. Exploit
attempts against this vulnerability are detected using a combination of two signatures. This is the second signature, and
it generates a log message.
Signature ID: 35317
Cisco Secure ACS for Windows NT Server Denial of Service Vulnerability
Threat Level: Severe
Industry ID: CVE-2000-1054 Bugtraq: 1705
Signature Description: Cisco Secure Access Control Server (ACS) is an access policy control platform. It supports
multiple scenarios simultaneously, including device administration (AAA), remote access (VPN and other), wireless
authentication and authorization, and network admission control. Cisco Secure Access Control Server (ACS) for
Windows releases up to and including 2.6.x and ACS 3.0.1 (build 40) contain two vulnerabilities. By connecting to port
2002 and sending a crafted URL, it is possible, in a less severe case, to kill the CSADMIN module or, in a severe case,
to execute arbitrary user-supplied code. By providing a URL containing formatting symbols (for example, %s, %p),
it is possible to execute user-provided code. By using "..\.." in the URL it is possible to access data in any directory
outside the Web root directory but on the same hard disk or disk partition. With this technique it is possible to access
only the following file types: html, htm, class, jpg, jpeg or gif. Fixes are available for Cisco Secure Access Control
Server - Windows releases 2.6(4.4) and 3.0.1 (build 40) at the vendor's web site. This rule hits when attack traffic is
flowing toward destination port 2002.
Signature ID: 35318
Cisco Secure ACS for Windows NT Server Denial of Service Vulnerability
Threat Level: Severe
Industry ID: CVE-2000-1054
Bugtraq: 1705
Signature Description: Cisco Secure Access Control Server (ACS) is an access policy control platform. It supports
multiple scenarios simultaneously, including device administration (AAA), remote access (VPN and other), wireless
authentication and authorization, and network admission control. Cisco Secure Access Control Server (ACS) for
Windows releases up to and including 2.6.x and ACS 3.0.1 (build 40) contain two vulnerabilities. By connecting to port
2002 and sending a crafted URL, it is possible, in a less severe case, to kill the CSADMIN module or, in a severe case,
to execute arbitrary user-supplied code. By providing a URL containing formatting symbols (for example, %s, %p),
it is possible to execute user-provided code. By using "..\.." in the URL it is possible to access data in any directory
outside the Web root directory but on the same hard disk or disk partition. With this technique it is possible to access
only the following file types: html, htm, class, jpg, jpeg or gif. Fixes are available for Cisco Secure Access Control
Server - Windows releases 2.6(4.4) and 3.0.1 (build 40) at the vendor's web site. This rule hits when ../ or ..\ is present in
traffic flowing toward destination port 2002.