ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
/plugins/hpjdwm/script/test/setinfo.hts script. Successful exploitation may allow an attacker to read the local.user
file and obtain the encrypted passwords of all users who have a password set for the Jet Admin application. No remedy
available as of November 15, 2008.
Signature ID: 35452
HP WEB JETADMIN
Threat Level: Warning
Industry ID: CVE-2004-1856 Bugtraq: 9971
Signature Description: HP JetAdmin software manages HP JetDirect-connected printers using a Web browser. HP
JetAdmin, version 7.5.2546, could allow a remote attacker to upload malicious files to the system. This rule triggers
when an 'authenticated' user who is not the admin account on the Jet Admin service uses the
/plug/plugins/framework/script/tree.xms script. Successful exploitation may allow an attacker to execute arbitrary
code on the system. No remedy available as of November 15, 2008.
Signature ID: 35453
Microsoft IIS Source Code Disclosure
Threat Level: Warning
Industry ID: CVE-2005-2678
Signature Description: IIS (Internet Information Server) is a group of Internet servers (including a Web or Hypertext
Transfer Protocol server and a File Transfer Protocol server). Microsoft IIS versions 5.0, 5.1 and 6 have an information
disclosure vulnerability. Microsoft IIS 5.x shows sensitive information if the "SERVER_NAME" IIS 5.x server
variable is "localhost". This occurs when an IIS 5.x 500-100.asp page has an error, but only if the "SERVER_NAME" IIS
server variable is "localhost". Successful exploitation may allow an attacker to gain knowledge of script contents and
obtain sensitive information.
Signature ID: 35454
Microsoft Outlook Express Windows Address Book File Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-0014 CVE-2006-2386 Bugtraq: 17459
Signature Description: Outlook Express is an e-mail/news client that was included with Internet Explorer versions
4.0 through 6.0. Microsoft Outlook Express 5.5 and 6 have a buffer overflow vulnerability caused by
improper bounds checking of Windows Address Book (.wab) files. The overflow is triggered by a .wab file containing
certain Unicode strings and modified length values. This signature detects an attacker creating a malicious .wab
file and hosting it on a Web site or sending it to a potential victim as an email attachment. Successful
exploitation may allow an attacker to overflow a buffer and execute arbitrary code on the victim's system, if the victim
can be persuaded to open the malicious file.
Signature ID: 35455
Computer Associates Products Discovery Service Buffer Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2006-5143 Bugtraq: 20364
Signature Description: The Computer Associates (CA) BrightStor ARCserve Backup and Business Protection suite family of
software products offers data protection for distributed servers, clients, databases and applications. They provide
Backup, Restore, Data Migration and Threat Management with centralized control. The Computer Associates Discovery
Service has a buffer overflow vulnerability. This signature triggers when an attacker sends a long hostname on TCP
port 41523 to ASBRDCST.DLL in the Discovery Service. Successful exploitation may allow an attacker to
overflow a buffer and execute arbitrary code on the system.