TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

931

932

933

934

935

936

937

938

939

940

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

934

contains it's first byte as carriage return character. Repeated attacks could result in an extended denial of service

condition. This signature detects any packet to port 7161 containing first byte as carriage return.

Signature ID: 35369

Cisco CNS Network Registrar DoS vulnerability

Threat Level: Severe

Industry ID: CVE-2000-0015

Bugtraq: 11793

Signature Description: Cisco CNS Network Registrar is a DNS/DHCP server offered by Cisco for Windows NT

servers and Windows 2000 servers. In Cisco CNS Network Registrar 6.0 to 6.1.1 .3 (inclusive), the lock manager

process is vulnerable to a crash that results in a denial of service condition. This will cause the CCM server to fail. The

server agent must be restarted to resume normal operations.

Signature ID: 35370

Acme.Serve prepended slash arbitrary file Access vulnerability

Threat Level: Warning

Industry ID: CVE-2001-0748 Bugtraq: 2809

Signature Description: Acme.Serve is a free, open-source, embeddable web server written in Java. ACME Laboratories

Acme.Serve 1.7 and prior versions are vulnerable to information disclosure vulnerability due to insufficient handling of

prepended '/'(slash) characters. Cisco Secure ACS Solution Engine lets you centrally manage access to network

resources. Cisco Secure ACS for Unix 2.0 to 2.3.5.1(inclusive) and APC PowerChute Network Shutdown 2.2.1

implement the Acme.serve web server and are therefore vulnerable to this attack. Cisco secure ACS listens by default

on TCP port 9090. This signature detects attacks on the same port.

Signature ID: 35371

Acme.Serve prepended slash arbitrary file Access vulnerability

Threat Level: Warning

Industry ID: CVE-2001-0748 Bugtraq: 2809

Signature Description: Acme.Serve is a free, open-source, embeddable web server written in Java. ACME Laboratories

Acme.Serve 1.7 and prior versions are vulnerable to information disclosure vulnerability due to insufficient handling of

prepended '/'(slash) characters. Cisco Secure ACS Solution Engine lets you centrally manage access to network

resources. Cisco Secure ACS for Unix 2.0 to 2.3.5.1(inclusive) and APC PowerChute Network Shutdown 2.2.1

implement the Acme.serve web server and are therefore vulnerable to this attack. This signature detects the

vulnerability on all ports mapped to HTTP portmap.

Signature ID: 35400

Cisco IOS IPv4 Packet Denial of Service Vulnerability

Threat Level: Warning

Industry ID: CVE-2003-0567 Bugtraq: 8211

Signature Description: Cisco IOS (Internetwork Operating System) is the software used on the Cisco System routers

and Cisco network switches. IOS is a package of routing, switching, inter networking and telecommunications

functions. It is integrated with a multitasking operating system. Cisco IOS (Cisco IOS versions 11.x and 12.0 through

12.2) are vulnerable to denial of service attack. By sending a sequence of IPv4 packets (for specific protocols

53(SWIPE), 55(IP Mobility), 77(Sun ND), and 103(Protocol Independent Multicast)) to an interface on the device,

causing the input queue on that interface to be marked as full(The queue size is larger than maximum size (75), input

queue is blocked) and the input interface to stop processing traffic. This signature detects attacks on IP protocol 53.