ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 35521
Cisco IOS SSH Malformed Packet Vulnerabilities
Threat Level: Severe
Industry ID: CVE-2002-1359 Bugtraq: 6407
Signature Description: SSH (Secure Shell) is a client-server program for authentication and encryption of network
communications. Certain Cisco products containing support for the Secure Shell (SSH) server are vulnerable to a Denial
of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device
can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device.
The SSH server in Cisco IOS is disabled by default. A remote attacker could overflow a buffer in the vulnerable SSH
client or server and cause the SSH service to crash or execute arbitrary code on the system with the privileges of the SSH
process. The vulnerable versions are 12.0(5)S, 12.0(16)ST, 12.1(1)T, 12.1(5a)E, 12.2(1), 12.2(1)T, 12.2(1)S, if the SSH
feature is enabled.
Signature ID: 35522
Cisco IOS Facsimile reception vulnerability
Threat Level: Warning
Industry ID: CVE-2007-4291
Signature Description: The configuration of T.38 real-time fax on Cisco voice gateways is similar to the configuration
of VoIP calls. Reception of an overly large T.38 (Internet Fax Protocol) packet over RTP, on ports in the range
16384 to 32767, can cause a denial of service and may cause the affected device to crash. The attacker can exploit
the vulnerability remotely without authentication and without user interaction.
Signature ID: 35523
Multiple Cisco Products Online Help Cross Site Scripting Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-5547 Bugtraq: 22982
Signature Description: A cross-site scripting (XSS) vulnerability has been identified in various Cisco products, which
could be exploited by attackers to execute arbitrary scripting code. Input passed to the search code of PreSearch.html or
PreSearch.class is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary
HTML and script code in a user's browser session in the context of an affected software or device. This may help the
attacker steal cookie-based authentication credentials and launch other attacks.
Signature ID: 35524
TFTP PUT Request from Outside
Threat Level: Warning
Industry ID: CVE-1999-0183
Signature Description: This rule triggers when a TFTP PUT request is made from an external network to an internal network.
TFTP (Trivial File Transfer Protocol) allows remote users to read or write files without having to log in. Attackers
may use TFTP to upload and download files from servers, whether properly or improperly configured. Attackers normally
attempt to locate TFTP servers using automated scanners and tools.
Signature ID: 35525
Cisco IOS Embedded SNMP Community Names
Threat Level: Severe
Industry ID: CVE-2001-0711 Bugtraq: 2427
Signature Description: The Interim Local Management Interface (ILMI) is a protocol defined by the ATM Forum for
setting and capturing physical layer, ATM layer, virtual path, and virtual circuit parameters on ATM interfaces. ILMI
uses SNMP messages without User Datagram Protocol (UDP) and IP. It organizes managed objects in four